76 matches found
CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
CVE-2025-66034
CVE-2025-66034 affects fontTools, a Python font manipulation library. Affected: fontTools.varLib main() path when processing malicious .designspace files; arbitrary file write can lead to remote code execution. Impact: high (per CVSS 3.1, base 9.8) when exploited via the varLib CLI or code invoki...
CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
PT-2025-48353
Name of the Vulnerable Software and Affected Versions fontTools versions 4.33.0 through 4.60.1 Description fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main code path, which can lead to arbitrary file write and...
FontTools 安全漏洞
FontTools is a FontTools open source library written in Python for manipulating fonts. A security vulnerability exists in FontTools version 4.33.0 through versions prior to 4.60.2, which stems from an arbitrary file write when processing a malicious .designspace file, and could lead to remote cod...
CVE-2025-66034
creationtimestamp| type| source ---|---|--- 2025-11-28 16:11:02+00:00| published-proof-of-concept| https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv 2025-11-29 17:58:20+00:00| seen|...
TencentOS Server 4: fonttools (TSSA-2024:0368)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0368 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2024-0267
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : fonttools Vulnerability (NS-SA-2025-0156)
The remote NewStart CGSL host, running version MAIN 7.02, has fonttools packages installed that are affected by a vulnerability: - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker...
Linux Distros Unpatched Vulnerability : CVE-2023-45139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an...
OPENSUSE-SU-2024:13686-1 python310-FontTools-4.47.2-2.1 on GA media
These are all security issues fixed in the python310-FontTools-4.47.2-2.1 package on the GA media of openSUSE Tumbleweed...
Mageia: Security Advisory (MGASA-2024-0060)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0060 Updated fonttools packages fix security vulnerabilities
As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...
Updated fonttools packages fix security vulnerabilities
As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...
[SECURITY] Fedora 39 Update: fonttools-4.43.1-1.fc39
fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...
Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : fonttools (2024-6d1d9f70d2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. Security fix for CVE-2023-45139 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
OESA-2024-1080 python-fonttools security update
FontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats. Th...