8 matches found
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-htb-ctf VariaType Variable Font Generator Ex...
USN-7917-1 fonttools vulnerabilities
It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...
EUVD-2025-199882
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib...
CVE-2024-56520
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...
Advisory ROSA-SA-2025-2644
Software: fonttools 4.28.5 WASP: ROSA-CHROME packageevrstring: fonttools-4.28.5 CVE-ID: CVE-2023-45139 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An XML External Entity Injection XXE vulnerability in the fontTools library allows an attacker to access arbitrary files or execute web requests. CVE-STATU...
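The two XXE entries above (USN-7917-1 and ROSA-SA-2025-2644 for CVE-2023-45139) describe the attack in a single sentence each. The following is an added example, not code from fontTools or from either advisory, showing the mechanism on a constructed SVG-style glyph document using only the Python standard library's expat binding: a deliberately vulnerable parser that resolves SYSTEM entities (the local file read; pointing the SYSTEM literal at an http:// URL gives the out-of-band request variant) beside a hardened parser that aborts on any entity declaration before anything is fetched. The function names `unsafe_parse`, `safe_parse`, `run_demo`, the sample documents and the "hunter2" secret file are all invented for the illustration and do not reproduce the fontTools subsetter's actual parser or fix.

```python
# Added illustration for the XXE advisories above; not fontTools code.
# Constructed inputs: a minimal SVG-table-style document and a temp secret file.
import os
import tempfile
import xml.parsers.expat as expat


class EntityForbidden(ValueError):
    """Raised by safe_parse when the document declares or references any entity."""


# Constructed benign document: the shape of a well-formed SVG glyph document.
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg">'
    b'<g id="glyph1"><path d="M0 0h10v10z"/></g>'
    b"</svg>"
)


def build_xxe_payload(path):
    """Constructed XXE document: declares an external entity pointing at `path`
    and references it in element content (an http:// SYSTEM literal would make
    the parser issue a request instead of a file read)."""
    return (
        b'<!DOCTYPE svg [<!ENTITY xxe SYSTEM "' + path.encode() + b'">]>'
        b'<svg xmlns="http://www.w3.org/2000/svg">'
        b'<text id="glyph1">&xxe;</text></svg>'
    )


def _track_ids(parser, ids):
    # Record the id attribute of every element (the glyphNN ids in an SVG table).
    def start(name, attrs):
        if "id" in attrs:
            ids.append(attrs["id"])
    parser.StartElementHandler = start


def unsafe_parse(xml_bytes):
    """Deliberately vulnerable parser: resolves SYSTEM entities by opening
    whatever path the document names and splicing the bytes into the text."""
    parser = expat.ParserCreate()
    ids, text = [], []
    _track_ids(parser, ids)
    parser.CharacterDataHandler = text.append

    def resolve_external(context, base, system_id, public_id):
        with open(system_id, "rb") as fh:  # attacker-chosen path
            data = fh.read()
        # The child parser inherits the parent's handlers, so the file's bytes
        # arrive through CharacterDataHandler exactly like document text.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(data, True)
        return 1

    parser.ExternalEntityRefHandler = resolve_external
    parser.Parse(xml_bytes, True)
    return ids, "".join(text)


def safe_parse(xml_bytes):
    """Hardened parser: any entity declaration or external reference aborts
    parsing before anything is fetched; parameter entities are never read."""
    parser = expat.ParserCreate()
    ids = []
    _track_ids(parser, ids)
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def forbid_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntityForbidden("entity declaration %r rejected" % name)

    def forbid_external(context, base, system_id, public_id):
        raise EntityForbidden("external entity reference rejected")

    parser.EntityDeclHandler = forbid_decl
    parser.ExternalEntityRefHandler = forbid_external
    parser.Parse(xml_bytes, True)
    return ids


def run_demo():
    """Returns (text leaked by unsafe_parse, ids safe_parse finds in the benign
    document, whether safe_parse rejected the XXE payload)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("hunter2")  # constructed secret the payload will exfiltrate
        secret_path = fh.name
    try:
        payload = build_xxe_payload(secret_path)
        _, leaked = unsafe_parse(payload)
        try:
            safe_parse(payload)
            rejected = False
        except EntityForbidden:
            rejected = True
        return leaked, safe_parse(BENIGN_SVG), rejected
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, ids, rejected = run_demo()
    print("unsafe parser leaked:", leaked)
    print("safe parser ids:", ids, "payload rejected:", rejected)
```

The hardened side refuses at the declaration, not at the reference: rejecting `<!ENTITY ...>` outright also stops internal-entity expansion bombs, and it fires before any path or URL in the document is touched. A library that exposes its XML parser (lxml's `resolve_entities`, or a wrapper such as defusedxml) should be configured the same way; checking an installed fontTools against the versions named in the advisories is the practical first step.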
OTFCC buffer error vulnerability
OTFCC is a C library and set of utility programs open-sourced by Caryll, used to parse and write OpenType font files. OTFCC suffers from a heap buffer overflow vulnerability that originates from a boundary error at /release-x64/otfccdump+0x6b03b5 when handling untrusted input. An attacker could exploit the...
OTFCC security vulnerability
OTFCC is a C library and set of utility programs open-sourced by Caryll, used to parse and write OpenType font files. OTFCC has a security vulnerability that stems from a segmentation violation at /release-x64/otfccdump 0x4fbc0b. No detailed vulnerability information is currently available...
OTFCC buffer error vulnerability
OTFCC is a C library and set of utility programs open-sourced by Caryll, used to parse and write OpenType font files. OTFCC suffers from a heap buffer overflow vulnerability at release-x64/otfccdump 0x6b544e. No detailed vulnerability information is...