Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Vulnerability Description
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
Vulnerability Type
XML注入(XPath盲注)
Vulnerability Title
FontTools 安全漏洞
Vulnerability Description
FontTools是FontTools开源的一个用 Python 编写的用于操作字体的库。 FontTools 4.33.0版本至4.60.2之前版本存在安全漏洞,该漏洞源于处理恶意.designspace文件时存在任意文件写入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A