Lucene search
+L

9 matches found

OSV
OSV
added 2025/12/09 5:8 p.m.50 views

USN-7917-1 fonttools vulnerabilities

It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...

9.8CVSS6.9AI score0.01238EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : fonttools Vulnerability (NS-SA-2025-0156)

The remote NewStart CGSL host, running version MAIN 7.02, has fonttools packages installed that are affected by a vulnerability: - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker...

7.5CVSS7.5AI score0.01238EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an...

7.5CVSS7.5AI score0.01238EPSS
Exploits1References2
Rosalinux
Rosalinux
added 2025/01/28 7:8 p.m.20 views

Advisory ROSA-SA-2025-2644

Software: fonttools 4.28.5 WASP: ROSA-CHROME packageevrstring: fonttools-4.28.5 CVE-ID: CVE-2023-45139 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An XML External Entity Injection XXE vulnerability in the fontTools library allows an attacker to access arbitrary files or execute web requests. CVE-STATU...

7.5CVSS7.4AI score0.01238EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/03/15 12:0 a.m.10 views

Mageia: Security Advisory (MGASA-2024-0060)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01238EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/01/25 12:0 a.m.10 views

Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01238EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.33 views

Fedora 39 : fonttools (2024-6d1d9f70d2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. Security fix for CVE-2023-45139 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5CVSS7.4AI score0.01238EPSS
Exploits1References2
OSV
OSV
added 2024/01/19 11:6 a.m.3 views

OESA-2024-1080 python-fonttools security update

FontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats. Th...

7.5CVSS7.4AI score0.01238EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/01/13 2:44 a.m.4 views

SUSE CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.4AI score0.01238EPSS
Exploits1References3
Rows per page
Query Builder