9 matches found
USN-7917-1 fonttools vulnerabilities
It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...
NewStart CGSL MAIN 7.02 : fonttools Vulnerability (NS-SA-2025-0156)
The remote NewStart CGSL host, running version MAIN 7.02, has fonttools packages installed that are affected by a vulnerability: - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker...
Linux Distros Unpatched Vulnerability : CVE-2023-45139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an...
Advisory ROSA-SA-2025-2644
Software: fonttools 4.28.5 WASP: ROSA-CHROME packageevrstring: fonttools-4.28.5 CVE-ID: CVE-2023-45139 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An XML External Entity Injection XXE vulnerability in the fontTools library allows an attacker to access arbitrary files or execute web requests. CVE-STATU...
Mageia: Security Advisory (MGASA-2024-0060)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : fonttools (2024-6d1d9f70d2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. Security fix for CVE-2023-45139 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
OESA-2024-1080 python-fonttools security update
FontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats. Th...
SUSE CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...