exploitDog

CVE-2023-45139

Published: 10 Jan 2024
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 7.5
Description

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (an OT-SVG font), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.
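The following is an added example, not code from fontTools or from this advisory, showing the shape of the attack the description refers to: an OT-SVG font's SVG table carrying a document with an external entity, a pre-parse check that flags such documents, and the difference between a parser that resolves external entities and one that leaves them unresolved. Assumptions not taken from the page: the SVG table is laid out as the plain OpenType header plus document list (offsets relative to the list, documents optionally gzip-compressed), the planted file `secret.txt` and the `hunter2` content are constructed, and the vulnerable parse is modelled with the standard library's xml.sax reader with external general entities switched on; fontTools' own etree wrapper and the exact pre-4.43.0 code are not shown here.

```python
"""Added example (not fontTools' code): an OT-SVG 'SVG ' table with an XXE
payload, a pre-parse DTD check, and a resolving vs. non-resolving parse.
Assumed, not from the advisory: the table layout below, the constructed
secret file, and xml.sax with external general entities enabled standing
in for the vulnerable configuration."""
import gzip
import os
import struct
import tempfile
import xml.sax
from xml.sax import handler

# Constructed payload: the entity points at a file next to the document.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "secret.txt"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text id="glyph1">&xxe;</text></svg>
"""
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect id="glyph2" width="1" height="1"/></svg>'


def build_svg_table(docs, compress=False):
    """Pack (startGlyphID, endGlyphID, svg_bytes) triples into an OpenType
    'SVG ' table: 10-byte header, then the SVG Document List (numEntries plus
    12-byte records) whose document offsets are relative to the list itself."""
    records, blobs = [], b""
    data_off = 2 + 12 * len(docs)             # first document follows the records
    for start, end, doc in docs:
        if compress:
            doc = gzip.compress(doc)           # the spec permits gzip-compressed documents
        records.append(struct.pack(">HHII", start, end, data_off + len(blobs), len(doc)))
        blobs += doc
    header = struct.pack(">HII", 0, 10, 0)     # version 0, list offset 10, reserved
    return header + struct.pack(">H", len(docs)) + b"".join(records) + blobs


def extract_svg_docs(table):
    """Walk the document list and return (start, end, decompressed_doc) triples."""
    version, list_off, _reserved = struct.unpack_from(">HII", table, 0)
    if version != 0:
        raise ValueError(f"unsupported SVG table version {version}")
    (count,) = struct.unpack_from(">H", table, list_off)
    docs = []
    for i in range(count):
        start, end, off, length = struct.unpack_from(">HHII", table, list_off + 2 + 12 * i)
        doc = table[list_off + off:list_off + off + length]
        if doc[:3] == b"\x1f\x8b\x08":         # gzip magic: decompress before inspecting
            doc = gzip.decompress(doc)
        docs.append((start, end, doc))
    return docs


def has_dtd(doc):
    """Coarse pre-parse check: a glyph document has no business carrying a
    DOCTYPE or ENTITY declaration. XML keywords are case-sensitive, so these
    uppercase forms are the only ones a conforming parser would honour."""
    return b"<!DOCTYPE" in doc or b"<!ENTITY" in doc


def audit_table(table):
    """Glyph ranges whose documents carry a DTD; a subsetter on an unpatched
    host should refuse the font rather than parse them."""
    return [(s, e) for s, e, doc in extract_svg_docs(table) if has_dtd(doc)]


class _TextCollector(handler.ContentHandler):
    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_glyph_doc(doc, resolve_external_entities):
    """Parse one SVG document and return its text content. The document and a
    planted 'secret.txt' go into a temp directory so the relative SYSTEM id
    resolves against that directory, as the expat-based reader does."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "secret.txt"), "w") as f:
            f.write("hunter2")                 # stands in for /etc/passwd or a key file
        svg_path = os.path.join(workdir, "glyph.svg")
        with open(svg_path, "wb") as f:
            f.write(doc)
        collector = _TextCollector()
        parser = xml.sax.make_parser()
        # True models the vulnerable configuration; the stdlib default is False.
        parser.setFeature(handler.feature_external_ges, resolve_external_entities)
        parser.setContentHandler(collector)
        parser.parse(svg_path)
    return "".join(collector.chunks)


if __name__ == "__main__":
    table = build_svg_table([(1, 1, MALICIOUS_SVG), (2, 2, BENIGN_SVG)], compress=True)
    print("flagged glyph ranges:", audit_table(table))
    leaked = parse_glyph_doc(MALICIOUS_SVG, resolve_external_entities=True)
    inert = parse_glyph_doc(MALICIOUS_SVG, resolve_external_entities=False)
    print("entities resolved:", repr(leaked), "| not resolved:", repr(inert))
```

The `has_dtd` pre-filter is the cheap check to put in front of any font pipeline still running an affected fontTools (for example a jammy host without the esm-apps package); decompressing gzip-packed documents first matters, because a filter that only looks at the raw table bytes never sees the `<!ENTITY` inside a compressed document.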

Release            Status          Note
bionic             ignored         end of standard support
devel              not-affected    4.46.0-1
esm-apps/bionic    needs-triage
esm-apps/focal     not-affected    4.5.0-1
esm-apps/jammy     released        4.29.1-2ubuntu0.1~esm1
esm-apps/noble     not-affected    4.46.0-1
esm-apps/xenial    needs-triage
focal              ignored         end of standard support, was needs-triage
jammy              needed
lunar              ignored         end of life, was needs-triage

Note: for jammy the fix is only available through esm-apps (4.29.1-2ubuntu0.1~esm1); the main archive package is still marked needed.


EPSS: 0.00172 (percentile 39%, Low)
CVSS3: 7.5 (High)

Related entries

redhat, CVSS3 7.5, about 2 years ago: same description as above.

nvd, CVSS3 7.5, about 2 years ago: same description as above.

debian, CVSS3 7.5, about 2 years ago: fontTools is a library for manipulating fonts, written in Python. The ...

github, CVSS3 7.5, about 2 years ago: fonttools XML External Entity Injection (XXE) Vulnerability
