Font Handling Issues in TCPDF and tc-lib-pdf-font
CVE-2024-56520
Currently unrated
What is CVE-2024-56520?
An issue has been identified in tc-lib-pdf-font that affects how fonts are handled in TCPDF and related products. Before version 2.6.4 of tc-lib-pdf-font and version 6.8.0 of TCPDF, the FontBBox for Type 1 and TrueType fonts was misparsed. This flaw may lead to unexpected behavior in documents that use these font types, potentially affecting the display or rendering of text in generated PDF files. Users of the affected versions are urged to update to the latest releases to mitigate the risks associated with this vulnerability.
Affected Version(s)
tcpdf 0 < 6.8.0