CVE-2024-56519: An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

Description

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

Classification

CVE ID: CVE-2024-56519

Affected Products

Vendor: tecnick

Product: tcpdf

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
https://tcpdf.org
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0

Timeline