Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034-htb-ctf VariaType Variable Font Generator Ex...

Advisory ROSA-SA-2026-3220

Software: fonttools 4.49.0 WASP: ROSA-CHROME unaffected versions = fonttools-4.49.0-2 affected versions fonttools-4.49.0-2 CVE-ID: CVE-2025-66034 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Arbitrary file write vulnerability in fontTools varLib allows a remote attacker to execute arbitrary code when...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

fontvarlib.py — CVE-2025-66034 fontTools varLib — Arbi...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

fontTools varLib CVE-2025-66034 Exploit...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools [CVE-2025-66034]

Summary IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools, an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed CVE-2025-66034. fontTools is used in our service runtimes. This vulnerabilitiy has...

TencentOS Server 4: fonttools (TSSA-2025:0963)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Arbitrary File Write

fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...

USN-7917-1: fontTools vulnerabilities

It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...

CVE-2025-66034

This vulnerability in fontTools varLib allows a crafted .designspace file to trigger arbitrary file writes and XML-based content injection during variable-font generation. Because filenames are not sanitized, an attacker can use path traversal to overwrite files anywhere on the filesystem, and...

SUSE CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

EUVD-2025-199882

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib...

GHSA-768J-98CG-P3FV fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

Linux Distros Unpatched Vulnerability : CVE-2025-66034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib...

XML Injection

Overview fonttools is a Tools to manipulate font files Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/init.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation Upgrad...

DEBIAN-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

UBUNTU-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...