CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-56520: An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for...

Description

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.

Classification

CVE ID: CVE-2024-56520

Affected Products

Vendor: tecnick

Product: tcpdf

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://tcpdf.org
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe
https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677
https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4

Timeline

2024-12-27 20:15:16 UTC
Github Advisory Database (Composer)

[tecnickcom/tc-lib-pdf-font] tecnickcom/tc-lib-pdf-font mishandles fonts
2025-01-03 00:30:24 UTC
CVE

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for...