
Critical Vulnerability in Fedora 42: python-unicodedata2 Arbitrary RCE

fedora
December 20, 2025
Important advisory for Fedora 42 on python-unicodedata2 addressing an arbitrary file write issue leading to remote code execution.

Summary

This module provides access to the Unicode Character Database (UCD) which defines character properties for all Unicode characters. The data contained in this database is compiled from the UCD version 13.0.0. The versions of this package match Unicode versions, so unicodedata2==13.0.0 is data from Unicode 13.0.0.

Update Information:

- Update to 17.0.0 version (#2412270)
- Update fonttools 4.61.0

Change Log

* Fri Nov 7 2025 Parag Nemade - 17.0.0-1
- Update to 17.0.0 version (#2412270)
* Fri Jul 25 2025 Fedora Release Engineering - 16.0.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jul 10 2025 Parag Nemade - 16.0.0-4
- Convert a spec to use pyproject macros (rh#2378303)
* Tue Jun 3 2025 Python Maint - 16.0.0-3
- Rebuilt for Python 3.14

References


[1] Bug #2421330 - CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file [fedora-42]
    https://bugzilla.redhat.com/show_bug.cgi?id=2421330

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-58e2bb0f1e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: python-unicodedata2
Product: Fedora 42
Version: 17.0.0
Release: 1.fc42
Summary: Unicodedata backport updated to the latest Unicode version
