CNNVD-202511-3051 Information

CNNVD ID

CNNVD-202511-3051

CVE-2025-66034

  • CNNVD Published: 2025-11-29

Description (translated from Chinese)

FontTools is an open-source library, written in Python, for manipulating fonts. FontTools versions 4.33.0 up to (but not including) 4.60.2 contain a security vulnerability: processing a malicious .designspace file allows an arbitrary file write, which could lead to remote code execution.

Description (English)

FontTools is an open-source Python library for manipulating fonts. FontTools versions 4.33.0 up to (but not including) 4.60.2 contain a security vulnerability: a path traversal while handling a malicious .designspace file allows an arbitrary file write, which could lead to remote code execution. The issue is fixed in 4.60.2.
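
As an added example (not code from this record or from the fonttools project), the following stand-alone Python check parses a .designspace document and flags any `filename` attribute on `<source>` or `<instance>` elements that resolves outside the designspace's own directory, which is the class of path traversal the references describe. Treating those attributes as the paths to audit is an assumption: the record above does not say which part of the file carries the traversal. The two sample documents and the base directory are constructed for illustration, and the check goes slightly beyond the record by also catching absolute paths, which `os.path.join` silently accepts in place of the base directory.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample designspace documents (illustration only, not from the advisory).
# "sub/../masters/Bold.ufo" stays inside the project and must not be flagged.
BENIGN_DESIGNSPACE = """<designspace format="5.0">
  <axes>
    <axis tag="wght" name="Weight" minimum="400" maximum="700" default="400"/>
  </axes>
  <sources>
    <source filename="masters/Light.ufo" name="Light">
      <location><dimension name="Weight" xvalue="400"/></location>
    </source>
    <source filename="sub/../masters/Bold.ufo" name="Bold">
      <location><dimension name="Weight" xvalue="700"/></location>
    </source>
  </sources>
  <instances>
    <instance filename="instances/Regular.ufo" name="Regular">
      <location><dimension name="Weight" xvalue="400"/></location>
    </instance>
  </instances>
</designspace>
"""

# One relative traversal and one absolute path; both land outside the project.
TRAVERSAL_DESIGNSPACE = """<designspace format="5.0">
  <axes>
    <axis tag="wght" name="Weight" minimum="400" maximum="700" default="400"/>
  </axes>
  <sources>
    <source filename="masters/Light.ufo" name="Light">
      <location><dimension name="Weight" xvalue="400"/></location>
    </source>
  </sources>
  <instances>
    <instance filename="../../outside/Instance.ufo" name="Escapes">
      <location><dimension name="Weight" xvalue="400"/></location>
    </instance>
    <instance filename="/tmp/outside.ufo" name="Absolute">
      <location><dimension name="Weight" xvalue="700"/></location>
    </instance>
  </instances>
</designspace>
"""

# Assumption: these are the elements whose filename attributes are later used
# as output/input paths; the CNNVD record does not name the attribute itself.
PATH_ELEMENTS = ("source", "instance")


def escapes_base_dir(base_dir: str, filename: str) -> bool:
    """True if base_dir/filename resolves to a location outside base_dir.

    Designspace filenames use '/' separators and are relative to the
    directory of the .designspace file. realpath() normalises '..'
    segments and follows symlinks, so 'sub/../masters/X.ufo' is allowed
    while '../../x' is rejected. Absolute filenames are rejected too:
    os.path.join() drops base_dir when the second argument is absolute.
    commonpath() is used instead of a string-prefix test so that a
    sibling such as '/srv/fonts/project2' is not mistaken for a child.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename.replace("/", os.sep)))
    try:
        return os.path.commonpath([base, target]) != base
    except ValueError:  # different drives on Windows: certainly outside
        return True


def find_escaping_filenames(designspace_xml: str, base_dir: str) -> list:
    """Return the filename attributes of <source>/<instance> elements that escape base_dir.

    xml.etree does not resolve external entities, so parsing an untrusted
    document here does not reach the network or the file system.
    """
    root = ET.fromstring(designspace_xml)
    offenders = []
    for elem in root.iter():
        filename = elem.get("filename")
        if elem.tag in PATH_ELEMENTS and filename and escapes_base_dir(base_dir, filename):
            offenders.append(filename)
    return offenders


if __name__ == "__main__":
    base = "/srv/fonts/project"  # hypothetical location of the .designspace file
    print("benign:", find_escaping_filenames(BENIGN_DESIGNSPACE, base))
    print("malicious:", find_escaping_filenames(TRAVERSAL_DESIGNSPACE, base))
```

Run this against a designspace file before handing it to a build pipeline that is still on an affected release; the only reliable fix, per the record, is upgrading fontTools to 4.60.2 or later.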

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FontTools

Published

2025-11-29

Last Modified

2026-02-24

References

https://github.com/fonttools/fonttools/commit/a696d5ba93270d5954f98e7cab5ddca8a02c1e32
https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
https://vigilance.fr/vulnerability/fontTools-directory-traversal-via-Designspace-File-49043

Patch

https://github.com/fonttools/fonttools/releases
