CVE-2023-45139 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-45139 Interim 1 7 2026-03-05T03:35:39Z current 2024-01-13T00:09:59Z 2026-03-05T03:35:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-45139 fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed python310-FontTools-4.47.2-2.1 python311-FontTools-4.47.2-2.1 python312-FontTools-4.47.2-2.1 python313-FontTools-4.53.1-160000.2.2 python39-FontTools-4.47.2-2.1 python313-FontTools-4.53.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python310-FontTools-4.47.2-2.1 as a component of openSUSE Tumbleweed python311-FontTools-4.47.2-2.1 as a component of openSUSE Tumbleweed python312-FontTools-4.47.2-2.1 as a component of openSUSE Tumbleweed python39-FontTools-4.47.2-2.1 as a component of openSUSE Tumbleweed fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0. CVE-2023-45139 SUSE Linux Enterprise Server 16.0:python313-FontTools-4.53.1-160000.2.2 openSUSE Tumbleweed:python310-FontTools-4.47.2-2.1 openSUSE Tumbleweed:python311-FontTools-4.47.2-2.1 openSUSE Tumbleweed:python312-FontTools-4.47.2-2.1 openSUSE Tumbleweed:python39-FontTools-4.47.2-2.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N