Bug 2417780 (CVE-2025-66034) - CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file
Summary: CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote c...
Keywords:
Status: NEW
Alias: CVE-2025-66034
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2421324 2421328 2421330 2421325 2421326 2421327 2421329 2421331 2421332 2421333 2421334 2421335
Blocks:
Reported: 2025-11-29 02:01 UTC by OSIDB Bzimport
Modified: 2025-12-11 05:48 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Description OSIDB Bzimport 2025-11-29 02:01:30 UTC
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 up to, but not including, 4.60.2, the fonttools varLib script (or python3 -m fontTools.varLib) has an arbitrary file write vulnerability that can lead to remote code execution when it processes a malicious .designspace file. The vulnerability is in the main() code path of fontTools.varLib, which is used by the fonttools varLib CLI and by any code that calls fontTools.varLib.main(). This issue has been patched in version 4.60.2.
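The check a practitioner wants from this entry is whether a given fonttools install falls inside the affected range. The following is an added example written for this page, not code from the fontTools project or the advisory; the only facts it takes from the description are the boundaries (affected from 4.33.0, fixed in 4.60.2) and that the PyPI distribution is named fonttools. The ordering of pre-release, dev and post-release tags follows PEP 440 conventions as an assumption, and the sample version strings in the usage below are constructed.

```python
import re
from importlib import metadata

# Boundaries taken from the advisory text: affected from 4.33.0
# up to, but not including, 4.60.2.
AFFECTED_FROM = (4, 33, 0)
FIXED_IN = (4, 60, 2)

# Leading numeric release segments, then whatever tag follows
# (e.g. "a1", "rc2", ".dev0", ".post1").
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*?)\s*$")


def version_key(version):
    """Turn a version string into a tuple that sorts in release order.

    Pre-release and dev tags sort before the final release of the same
    number, post-release tags after it (assumed PEP 440 ordering).
    A missing tag is the plain release.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    if len(release) < 3:
        # Pad "4.60" to (4, 60, 0) so it compares against 3-part bounds.
        release = release + (0,) * (3 - len(release))
    tag = m.group(2).strip(" .-").lower()
    if not tag:
        stage = 0
    elif tag.startswith("post"):
        stage = 1
    else:
        stage = -1  # a, b, rc, dev: earlier than the bare release
    return release + (stage,)


def is_affected_version(version):
    """True if this fonttools version is inside the advisory's range."""
    key = version_key(version)
    return AFFECTED_FROM + (0,) <= key < FIXED_IN + (0,)


def installed_fonttools_status():
    """Return (installed_version, affected) or None if fonttools is absent."""
    try:
        installed = metadata.version("fonttools")
    except metadata.PackageNotFoundError:
        return None
    return installed, is_affected_version(installed)


if __name__ == "__main__":
    # Constructed sample versions, to show the boundary handling.
    for sample in ("4.32.0", "4.33.0", "4.60.1", "4.60.2.dev0", "4.60.2"):
        print(f"{sample:>12}: affected={is_affected_version(sample)}")
    status = installed_fonttools_status()
    if status is None:
        print("fonttools is not installed in this environment")
    else:
        version, affected = status
        verdict = "AFFECTED" if affected else "not affected"
        print(f"fonttools {version}: {verdict} by CVE-2025-66034")
```

Run it inside the same interpreter or virtualenv that executes the varLib CLI, since importlib.metadata reports the fonttools that interpreter sees, not whatever another Python on the host has installed. A dev build numbered 4.60.2.dev0 is reported as affected because it sorts before the 4.60.2 release that carries the fix.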