PT-2024-13215
Name of the Vulnerable Software and Affected Versions fontTools versions 4.28.2 through 4.42.1 Description The subsetting module in fontTools has a XML External Entity Injection XXE vulnerability, allowing an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts containing a S...