VYPR

Fonttools

by Formtools.org

pypi: fonttools

Source repositories

CVEs (2)

  • CVE-2023-45139HigJan 10, 2024
    risk 0.42cvss 7.5epss 0.01

    fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed.…

  • CVE-2025-66034Nov 29, 2025
    risk 0.00cvss epss 0.01

    fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace…