Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2024/01/13 2:44 a.m.3 views

SUSE CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.4AI score0.01228EPSS
Exploits1References3
OSV
OSV
added 2024/01/10 4:15 p.m.1 views

DEBIAN-CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References1
NVD
NVD
added 2024/01/10 4:15 p.m.12 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.6AI score0.01228EPSS
Exploits1References6
OSV
OSV
added 2024/01/09 4:1 p.m.16 views

GHSA-6673-4983-2VX5 fonttools XML External Entity Injection (XXE) Vulnerability

Summary As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References8
Rows per page
Query Builder