PyPI package
fonttools
pkg:pypi/fonttools
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66034 | — | >= 4.33.0, < 4.60.2 | 4.60.2 | Nov 29, 2025 | fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace fil | ||
| CVE-2023-45139 | Hig | 7.5 | >= 4.28.2, < 4.43.0 | 4.43.0 | Jan 10, 2024 | fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This |
- CVE-2025-66034Nov 29, 2025affected >= 4.33.0, < 4.60.2fixed 4.60.2
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace fil
- affected >= 4.28.2, < 4.43.0fixed 4.43.0
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This