fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

FontTools 安全漏洞

FontTools is a FontTools open source library written in Python for manipulating fonts. A security vulnerability exists in FontTools version 4.33.0 through versions prior to 4.60.2, which stems from an arbitrary file write when processing a malicious .designspace file, and could lead to remote cod...