Lucene search
K

76 matches found

SUSE CVE
SUSE CVE
added 2024/01/13 2:44 a.m.3 views

SUSE CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.4AI score0.01228EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/01/11 6:30 a.m.29 views

CVE-2023-45139

A flaw was found in the subsetting module of FontTools, which contains an XML External Entity Injection XXE vulnerability. This flaw allows malicious actors to exploit the parsing of candidate fonts, particularly those with an OT-SVG format that includes an SVG table. Through this vulnerability,...

7.5CVSS7.6AI score0.01228EPSS
Exploits1References6
NVD
NVD
added 2024/01/10 4:15 p.m.11 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.6AI score0.01228EPSS
Exploits1References6
OSV
OSV
added 2024/01/10 4:15 p.m.1 views

DEBIAN-CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References1
Prion
Prion
added 2024/01/10 4:15 p.m.15 views

Xxe

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

5CVSS7.3AI score0.01228EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/10 4:15 p.m.20 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.2AI score0.01228EPSS
Exploits1References5
OSV
OSV
added 2024/01/10 4:15 p.m.2 views

UBUNTU-CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS5.9AI score0.01228EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/01/10 4:3 p.m.38 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.8AI score0.01228EPSS
Exploits1References6
CVE
CVE
added 2024/01/10 4:3 p.m.106 views

CVE-2023-45139

CVE-2023-45139 affects the fontTools Python library, specifically the subsetting module. The issue is an XML External Entity (XXE) vulnerability that triggers when parsing candidate fonts (OT-SVG fonts with an SVG table), enabling an attacker to resolve arbitrary entities and potentially read arb...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/10 4:3 p.m.12 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.7AI score0.01228EPSS
Exploits1References6
OSV
OSV
added 2024/01/10 4:3 p.m.21 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.7AI score0.01228EPSS
Exploits1References8
Veracode
Veracode
added 2024/01/10 6:41 a.m.20 views

XML External Entity Injection

fonttools is vulnerable to XML External Entity Injection. The vulnerability is due to a misconfigured xml parser which allows external entities to be included in OT-SVG font. This issue can be exploited by an attacker by building a OT-SVG font which includes xml external entities, resulting in...

7.5CVSS6.3AI score0.01228EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.6 views

fontTools Code Issue Vulnerability

fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...

7.5CVSS7.1AI score0.01228EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/01/09 4:1 p.m.22 views

fonttools XML External Entity Injection (XXE) Vulnerability

Summary As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the...

7.5CVSS7.2AI score0.01228EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/01/09 4:1 p.m.16 views

GHSA-6673-4983-2VX5 fonttools XML External Entity Injection (XXE) Vulnerability

Summary As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.3 views

PT-2024-13215

Name of the Vulnerable Software and Affected Versions fontTools versions 4.28.2 through 4.42.1 Description The subsetting module in fontTools has a XML External Entity Injection XXE vulnerability, allowing an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts containing a S...

9.8CVSS8AI score0.01228EPSS
Exploits10References37
Rows per page
Query Builder