While working on the OpenOOD project, I identified a vulnerability (CVE-2025-66034) in the fontTools library. The issue allows arbitrary file write through path traversal and XML injection within .designspace files. This can potentially lead to remote code execution if exploited.
CVE Link
CVE Report
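A pre-flight check for untrusted .designspace files, added here as an example (it is not code from this post or from fontTools). It assumes the traversal is carried in a `filename` attribute of a designspace element; the function name `unsafe_filenames`, the sample document and the base directory are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: one benign and two suspicious filename attributes.
SAMPLE = """<designspace format="5.0">
  <sources>
    <source filename="masters/Regular.ufo" name="regular"/>
  </sources>
  <variable-fonts>
    <variable-font name="VF" filename="../../outside/VF.ttf"/>
  </variable-fonts>
  <instances>
    <instance filename="/tmp/abs/Bold.ufo" name="bold"/>
  </instances>
</designspace>
"""


def unsafe_filenames(xml_text, base_dir):
    """Return (tag, filename) pairs that are absolute or resolve outside base_dir."""
    base = os.path.realpath(base_dir)
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = elem.get("filename")
        if name is None:
            continue
        # Treat backslashes as separators so Windows-style paths are caught on POSIX.
        normalized = name.replace("\\", "/")
        resolved = os.path.realpath(os.path.join(base, normalized))
        try:
            escapes = os.path.commonpath([base, resolved]) != base
        except ValueError:
            # Paths that cannot be compared (e.g. different drives) are treated as escaping.
            escapes = True
        if os.path.isabs(normalized) or escapes:
            findings.append((elem.tag, name))
    return findings


if __name__ == "__main__":
    # Hypothetical project directory; it does not need to exist for the check.
    for tag, name in unsafe_filenames(SAMPLE, "/srv/fonts/project"):
        print(f"rejecting <{tag}> filename={name!r}")
```

Running the check before handing a file to any build step lets a pipeline reject the document outright instead of relying on the library version in use.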