Vulnerabilities in FontTools & FontForge

Open Source Security

Posted by Alan Coopersmith on Mar 08

https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
is a detailed blog about vulnerabilities in some open source font handling software.

It discusses three new vulnerabilities in particular:

– CVE-2023-45139 in FontTools versions >=4.28.2, <4.43.0, fixed in 4.43.0

FontTools uses lxml to process SVG tables in OpenType fonts, and had
not disabled external entity expansion (which lxml enables by…
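
The lxml parser setting at issue, as an added example (not code from FontTools or from the post above): the same SVG document is parsed once with entity expansion on and once with `resolve_entities=False`. The SVG document, the marker file and all function names are constructed for illustration.

```python
# Added example: the SVG document and the marker file are constructed.
import pathlib
import tempfile

from lxml import etree

MARKER = "constructed-local-file-contents"


def build_svg(entity_uri):
    """SVG whose internal DTD declares an external entity at entity_uri."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE svg [<!ENTITY ext SYSTEM "{entity_uri}">]>\n'
        '<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'
    ).encode()


def parse_and_serialize(svg, resolve_entities):
    """Parse with the given entity policy and return the serialized tree."""
    parser = etree.XMLParser(resolve_entities=resolve_entities, no_network=True)
    root = etree.fromstring(svg, parser)
    return etree.tostring(root, encoding="unicode")


def entity_references(svg):
    """Names of entity references the hardened parser left unexpanded.

    A non-empty result is a cheap signal that an SVG table deserves review.
    """
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    root = etree.fromstring(svg, parser)
    return [node.name for node in root.iter(etree.Entity)]


def demo():
    """Return (expanded, hardened) serializations of the same document."""
    with tempfile.TemporaryDirectory() as tmp:
        target = pathlib.Path(tmp) / "local.txt"
        target.write_text(MARKER)
        svg = build_svg(target.as_uri())
        expanded = parse_and_serialize(svg, resolve_entities=True)
        hardened = parse_and_serialize(svg, resolve_entities=False)
    return expanded, hardened


if __name__ == "__main__":
    expanded, hardened = demo()
    print("expansion on :", expanded)
    print("expansion off:", hardened)
```

With expansion on, the contents of the local file end up inside the parsed tree; with `resolve_entities=False` the reference stays as `&ext;` and the file is never read.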
