76 matches found

Cvelist
added 2025/11/29 1:07 a.m. · 12 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3 · EPSS 0.00496
Exploits: 9 · References: 2
Vulnrichment
added 2025/11/29 1:07 a.m. · 8 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3 · AI score 7.6 · EPSS 0.00496
Exploits: 9 · References: 2
CVE
added 2025/11/29 1:07 a.m. · 142 views

CVE-2025-66034

CVE-2025-66034 affects fontTools, a Python font manipulation library. Affected: fontTools.varLib main() path when processing malicious .designspace files; arbitrary file write can lead to remote code execution. Impact: high (per CVSS 3.1, base 9.8) when exploited via the varLib CLI or code invoki...

CVSS 9.8 · AI score 7.8 · EPSS 0.00496
Exploits: 9 · References: 2 · Affected Software: 1
Debian CVE
added 2025/11/29 1:07 a.m. · 10 views

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 · AI score 8.4 · EPSS 0.00496
Exploits: 9
OSV
added 2025/11/29 1:07 a.m. · 28 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3 · AI score 8 · EPSS 0.00496
Exploits: 9 · References: 4
Positive Technologies
added 2025/11/29 12:00 a.m. · 4 views

PT-2025-48353

Name of the Vulnerable Software and Affected Versions: fontTools versions 4.33.0 through 4.60.1. Description: fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main code path, which can lead to arbitrary file write and...

CVSS 9.8 · AI score 8 · EPSS 0.01228
Exploits: 10 · References: 30
CNNVD
added 2025/11/29 12:00 a.m. · 4 views

FontTools security vulnerability

FontTools is an open source library written in Python for manipulating fonts. A security vulnerability exists in FontTools versions from 4.33.0 up to, but not including, 4.60.2. It stems from an arbitrary file write when processing a malicious .designspace file and could lead to remote cod...

CVSS 9.8 · AI score 7.7 · EPSS 0.00496
Exploits: 9 · References: 3
Circl
added 2025/11/28 4:11 p.m. · 12 views

CVE-2025-66034

creationtimestamp | type | source
--- | --- | ---
2025-11-28 16:11:02+00:00 | published-proof-of-concept | https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
2025-11-29 17:58:20+00:00 | seen | ...

CVSS 9.8 · AI score 7.4 · EPSS 0.00496
Exploits: 9 · References: 9
Tenable Nessus
added 2025/11/20 12:00 a.m. · 5 views

TencentOS Server 4: fonttools (TSSA-2024:0368)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0368 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 · AI score 7.4 · EPSS 0.01228
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-0267

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.01228
Exploits: 1 · References: 9
Tenable Nessus
added 2025/07/25 12:00 a.m. · 4 views

NewStart CGSL MAIN 7.02 : fonttools Vulnerability (NS-SA-2025-0156)

The remote NewStart CGSL host, running version MAIN 7.02, has fonttools packages installed that are affected by a vulnerability: - fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker...

CVSS 7.5 · AI score 7.5 · EPSS 0.01228
Exploits: 1 · References: 3
Tenable Nessus
added 2025/03/05 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an...

CVSS 7.5 · AI score 7.5 · EPSS 0.01228
Exploits: 1 · References: 2
OSV
added 2024/06/15 12:00 a.m. · 3 views

OPENSUSE-SU-2024:13686-1 python310-FontTools-4.47.2-2.1 on GA media

These are all security issues fixed in the python310-FontTools-4.47.2-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 · AI score 7.6 · EPSS 0.01228
Exploits: 1 · References: 1
OpenVAS
added 2024/03/15 12:00 a.m. · 10 views

Mageia: Security Advisory (MGASA-2024-0060)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.01228
Exploits: 1 · References: 5
OSV
added 2024/03/14 7:34 p.m. · 5 views

MGASA-2024-0060 Updated fonttools packages fix security vulnerabilities

As of fonttools=4.28.2 the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate OT-SVG font, which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...

CVSS 7.5 · AI score 7.5 · EPSS 0.01228
Exploits: 1 · References: 4
Mageia
added 2024/03/14 7:34 p.m. · 30 views

Updated fonttools packages fix security vulnerabilities

As of fonttools=4.28.2 the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate OT-SVG font, which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...

CVSS 7.5 · AI score 7.2 · EPSS 0.01228
Exploits: 1 · References: 3
Fedora
added 2024/01/25 12:41 a.m. · 29 views

[SECURITY] Fedora 39 Update: fonttools-4.43.1-1.fc39

fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, which can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...

CVSS 7.5 · AI score 7.4 · EPSS 0.01228
Exploits: 1
OpenVAS
added 2024/01/25 12:00 a.m. · 10 views

Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.01228
Exploits: 1 · References: 4
Tenable Nessus
added 2024/01/24 12:00 a.m. · 33 views

Fedora 39 : fonttools (2024-6d1d9f70d2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. Security fix for CVE-2023-45139. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 · AI score 7.4 · EPSS 0.01228
Exploits: 1 · References: 2
OSV
added 2024/01/19 11:06 a.m. · 3 views

OESA-2024-1080 python-fonttools security update

FontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, which can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats. Th...

CVSS 7.5 · AI score 7.4 · EPSS 0.01228
Exploits: 1 · References: 2