Security Issue in TCPDF's SVG Font Handling
CVE-2024-56519

Currently unrated

Key Information:

Vendor: Tecnick
Status: TcPDF
Vendor: CVE Published:; 27 December 2024

What is CVE-2024-56519?

A security flaw has been identified in earlier versions of TCPDF, specifically affecting the functionality of the setSVGStyles method. This vulnerability arises from the failure to adequately sanitize the SVG font-family attribute, which could potentially lead to various security risks. Developers using versions prior to 6.8.0 must be aware of this issue and consider upgrading to the latest release to ensure proper protection against possible exploits. For further details, refer to the official GitHub repository and documentation for TCPDF.

Affected Version(s)

tcpdf 0 < 6.8.0

References

https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880b...

https://tcpdf.org

https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Dec 27, 2024

Tecnick

What is CVE-2024-56519?

Affected Version(s)

References

Timeline