Описание
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
This vulnerability in fontTools varLib allows a crafted .designspace file to trigger arbitrary file writes and XML-based content injection during variable-font generation. Because filenames are not sanitized, an attacker can use path traversal to overwrite files anywhere on the filesystem, and malicious payloads embedded in XML labelname elements can be injected directly into the generated output. When these overwritten files reside in executable or web-served locations, this can enable local remote-code execution or corruption of application or configuration files. The issue affects the varLib CLI and any code that invokes fontTools.varLib.main().
Отчет
This issue is rated Moderate rather than Important because the exploitability hinges on several limiting technical factors despite the high integrity impact. The arbitrary file-write and XML-injection pathways are only reachable when a user or automated workflow locally processes a malicious .designspace file, giving the flaw a local attack vector (AV:L) and requiring explicit user interaction (UI:R)—meaning an attacker cannot trigger it remotely over the network. The attack also involves high complexity (AC:H), as it depends on crafted designspace structures, controlled font sources, and specific invocation of fonttools varLib or code that directly calls varLib.main(). Additionally, the vulnerability does not expose confidentiality, and availability effects are limited to potential file corruption. These constraints significantly narrow real-world exposure, keeping the risk profile in the Moderate range despite the possibility of high local integrity impact when exploited.
Меры по смягчению последствий
To mitigate this issue, avoid processing untrusted .designspace files with the fontTools varLib script or any application that invokes fontTools.varLib.main(). Restrict the execution environment of processes handling .designspace files to minimize potential impact from arbitrary file writes. If the fonttools package is not required, consider removing it.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-tech-preview/automation-dashboard-rhel9 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | fonttools | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-amd-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-aws-nvidia-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-amd-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-nvidia-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-gcp-nvidia-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-intel-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-nvidia-rhel9 | Out of support scope | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/instructlab-amd-rhel9 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
fontTools is a library for manipulating fonts, written in Python. In v ...
EPSS
6.3 Medium
CVSS3