Font Handling Issues in TCPDF and tc-lib-pdf-font
CVE-2024-56520

7.3 HIGH

Key Information:

Vendor: Tecnick
Status: Vendor
CVE Published: 27 December 2024

What is CVE-2024-56520?

An issue has been identified in tc-lib-pdf-font that affects the way fonts are handled in TCPDF and related products. Before version 2.6.4 of tc-lib-pdf-font and version 6.8.0 of TCPDF, the FontBBox entry of Type 1 and TrueType fonts was misparsed. The flaw can cause unexpected behaviour in documents that use these font types and may affect how text is displayed or rendered in the generated PDF files. Users of affected versions are urged to update to the fixed releases to mitigate the associated risk.
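The advisory does not say exactly how the FontBBox was misparsed, so the following is an added illustration and not code from TCPDF or tc-lib-pdf-font: a strict parser for the FontBBox entry of a Type 1 cleartext header and for the bounding box in a TrueType `head` table. It rejects entries with the wrong number of values, non-numeric or non-finite values, inverted corners, and tables whose declared length or offset exceeds the file. The sample headers, the minimal TrueType builder and the `MAX_ABS_COORD` bound are assumptions of this example.

```python
import math
import re
import struct

# Type 1 cleartext header entry, e.g. "/FontBBox {-168 -218 1000 898} readonly def".
# PostScript also allows the array form "/FontBBox [ -168 -218 1000 898 ]".
_FONTBBOX_RE = re.compile(r"/FontBBox\s*[\{\[]([^\}\]]*)[\}\]]")
# Plain PostScript numbers only: float() would also accept "inf", "nan" or "1e400".
_NUMBER_RE = re.compile(r"^[+-]?(?:\d+\.?\d*|\.\d+)$")

# Sanity bound on glyph-space coordinates (assumption of this example): glyph space is
# normally a 1000-unit em, so values far outside that are treated as malformed.
MAX_ABS_COORD = 1_000_000.0


class FontBBoxError(ValueError):
    """Raised when a FontBBox entry is missing or malformed."""


def parse_fontbbox(header: str) -> tuple[float, float, float, float]:
    """Parse the FontBBox of a Type 1 cleartext header, validating every field."""
    m = _FONTBBOX_RE.search(header)
    if m is None:
        raise FontBBoxError("no /FontBBox entry found")
    tokens = m.group(1).split()
    if len(tokens) != 4:
        raise FontBBoxError(f"FontBBox needs exactly 4 numbers, got {len(tokens)}")
    values = []
    for tok in tokens:
        if not _NUMBER_RE.match(tok):
            raise FontBBoxError(f"non-numeric FontBBox value: {tok!r}")
        v = float(tok)
        if not math.isfinite(v) or abs(v) > MAX_ABS_COORD:
            raise FontBBoxError(f"FontBBox value out of range: {tok!r}")
        values.append(v)
    llx, lly, urx, ury = values
    if llx > urx or lly > ury:
        raise FontBBoxError("FontBBox lower-left corner exceeds upper-right corner")
    return llx, lly, urx, ury


def parse_truetype_bbox(data: bytes) -> tuple[int, int, int, int]:
    """Locate the 'head' table of an sfnt file and read xMin/yMin/xMax/yMax (int16)."""
    if len(data) < 12:
        raise FontBBoxError("file too short for an sfnt header")
    num_tables = struct.unpack_from(">H", data, 4)[0]
    for i in range(num_tables):
        rec_off = 12 + 16 * i
        if rec_off + 16 > len(data):
            raise FontBBoxError("table directory runs past end of file")
        tag, _checksum, off, length = struct.unpack_from(">4sIII", data, rec_off)
        if tag != b"head":
            continue
        # Check declared offset/length against the real file size before reading.
        if length < 54 or off + length > len(data):
            raise FontBBoxError("head table truncated or out of bounds")
        xmin, ymin, xmax, ymax = struct.unpack_from(">hhhh", data, off + 36)
        if xmin > xmax or ymin > ymax:
            raise FontBBoxError("head bounding box is inverted")
        return xmin, ymin, xmax, ymax
    raise FontBBoxError("no head table")


def safe_parse_fontbbox(header: str):
    try:
        return parse_fontbbox(header)
    except FontBBoxError:
        return None


def safe_parse_truetype_bbox(data: bytes):
    try:
        return parse_truetype_bbox(data)
    except FontBBoxError:
        return None


def build_minimal_ttf(bbox, head_len=54) -> bytes:
    """Constructed test input: an sfnt file containing only a 'head' table."""
    head = bytearray(head_len)
    struct.pack_into(">I", head, 12, 0x5F0F3CF5)  # head magicNumber
    struct.pack_into(">H", head, 18, 1000)        # unitsPerEm
    if head_len >= 44:
        struct.pack_into(">hhhh", head, 36, *bbox)
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"head", 0, 12 + 16, head_len)
    return header + record + bytes(head)


# Constructed sample Type 1 headers (not taken from any real font).
SAMPLE_OK = "%!PS-AdobeFont-1.0: Demo\n/FontName /Demo def\n/FontBBox {-168 -218 1000 898} readonly def\n"
SAMPLE_ARRAY = "/FontBBox [ 0 -200 1000.5 800 ] def"
SAMPLE_TOO_FEW = "/FontBBox {-168 -218 1000} readonly def"
SAMPLE_NOT_NUMBER = "/FontBBox {-168 -218 inf 898} readonly def"
SAMPLE_INVERTED = "/FontBBox {1000 898 -168 -218} readonly def"
SAMPLE_HUGE = "/FontBBox {0 0 99999999999 1} def"

if __name__ == "__main__":
    for name, hdr in [("ok", SAMPLE_OK), ("array", SAMPLE_ARRAY), ("too_few", SAMPLE_TOO_FEW),
                      ("not_number", SAMPLE_NOT_NUMBER), ("inverted", SAMPLE_INVERTED),
                      ("huge", SAMPLE_HUGE)]:
        print(f"{name:>10}: {safe_parse_fontbbox(hdr)}")
    print("truetype:", safe_parse_truetype_bbox(build_minimal_ttf((-50, -200, 1100, 900))))
    print("truncated:", safe_parse_truetype_bbox(build_minimal_ttf((0, 0, 1, 1), head_len=40)))
```

Both parsers fail closed: a malformed bounding box raises instead of producing a partial or default result, which is the behaviour a PDF generator should want before it writes the values into a font descriptor.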

Affected Version(s)

tcpdf: versions from 0 up to (but not including) 6.8.0

References

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved