4 matches found
SUSE CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...
DEBIAN-CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...
GHSA-6673-4983-2VX5 fonttools XML External Entity Injection (XXE) Vulnerability
Summary As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the...