Intel

AIKIDO-2026-546726

ttf-parser is vulnerable to Use of Unmaintained Third Party Components

Use of Unmaintained Third Party Components Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 2, 2026

50

Medium Risk

This Affects:

rustttf-parser
0.0.0 - *
Are you affected? Scan for Free

TL;DR

The ttf-parser package is no longer maintained.

Who does this affect?

You are affected if you are using this package.

Background info

ttf-parser is vulnerable to Use of Unmaintained Third Party Components in all versions.

How to fix this

Remove any ttf-parser package from your application. Please take a look at skrifa as an alternative.