When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The researchers abused this vulnerability to produce a subsetted font containing an SVG table with an /etc/passwd payload.
FontTools released a patch three days after being notified of the vulnerability in September 2023.
Canva found the potential for command injection when dealing with filenames in tools like FontForge and ImageMagick.
Both have also been addressed.
