VYPR

PyPI package

fonttools

pkg:pypi/fonttools

Vulnerabilities (2)

  • CVE-2025-66034Nov 29, 2025
    affected >= 4.33.0, < 4.60.2fixed 4.60.2

    fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace fil

  • CVE-2023-45139HigJan 10, 2024
    affected >= 4.28.2, < 4.43.0fixed 4.43.0

    fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This