76 matches found
SUSE CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139
A flaw was found in the subsetting module of FontTools, which contains an XML External Entity Injection (XXE) vulnerability. This flaw allows malicious actors to exploit the parsing of candidate fonts, particularly those with an OT-SVG format that includes an SVG table. Through this vulnerability,...
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
DEBIAN-CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
XXE
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
UBUNTU-CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139
CVE-2023-45139 affects the fontTools Python library, specifically the subsetting module. The issue is an XML External Entity (XXE) vulnerability that triggers when parsing candidate fonts (OT-SVG fonts with an SVG table), enabling an attacker to resolve arbitrary entities and potentially read arb...
CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
XML External Entity Injection
fonttools is vulnerable to XML External Entity Injection. The vulnerability is due to a misconfigured XML parser which allows external entities to be included in an OT-SVG font. This issue can be exploited by an attacker by building an OT-SVG font which includes XML external entities, resulting in...
fontTools Code Issue Vulnerability
fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...
fonttools XML External Entity Injection (XXE) Vulnerability
Summary: As of fonttools=4.28.2, the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the...
GHSA-6673-4983-2VX5 fonttools XML External Entity Injection (XXE) Vulnerability
Summary: As of fonttools=4.28.2, the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the...
PT-2024-13215
Name of the Vulnerable Software and Affected Versions: fontTools versions 4.28.2 through 4.42.1. Description: The subsetting module in fontTools has an XML External Entity Injection (XXE) vulnerability, allowing an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts) containing a S...