CVE-2024-56520
Published 2024-12-27
Priority: P3 · 37 · HIGH 7.3 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.53% (40.6th percentile)
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tcpdf | < 6.6.2+dfsg1-1+deb12u1 (bookworm) | 6.6.2+dfsg1-1+deb12u1 (bookworm) |
| tcpdf_project | tcpdf | >= 0 < 6.3.5+dfsg1-1+deb11u1 | 6.3.5+dfsg1-1+deb11u1 |
| tcpdf_project | tcpdf | >= 0 < 6.6.2+dfsg1-1+deb12u1 | 6.6.2+dfsg1-1+deb12u1 |
| tcpdf_project | tcpdf | >= 0 < 6.8.0+dfsg-1 | 6.8.0+dfsg-1 |
| tecnick | tcpdf | < 6.8.0 | 6.8.0 |
| tecnickcom | tc-lib-pdf-font | >= 0 < 2.6.4 | 2.6.4 |
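As an added example (not part of this advisory and not code from the TCPDF or tc-lib-pdf-font projects), a Python check that reads a composer.lock and flags Composer packages still inside the affected upstream ranges listed above. The Packagist names tecnickcom/tcpdf and tecnickcom/tc-lib-pdf-font are the projects' published package names; the composer.lock content is constructed for the example. Only the upstream version number is compared, which is correct for Composer installs but not for distribution packages: Debian's patched 6.6.2+dfsg1-1+deb12u1 still carries the 6.6.2 upstream number and would be reported as affected here, so check dpkg versions against the Debian fixed versions in the table instead.

```python
import json
import re

# Upstream fixed versions from the affected-range table on this page.
# Keys are the Composer (Packagist) package names.
FIXED_IN = {
    "tecnickcom/tc-lib-pdf-font": "2.6.4",
    "tecnickcom/tcpdf": "6.8.0",
}


def version_key(version: str) -> tuple:
    """Map a version string to a comparable tuple of ints.

    Accepts Composer-style tags ('v6.7.8', '6.8.0') and keeps only the
    leading dotted numeric part, so '6.6.2+dfsg1-1+deb12u1' compares as
    6.6.2. Distribution suffixes carry backported fixes and must be
    checked against the distro's own fixed version, not upstream's.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so '6.8' compares equal to '6.8.0'.
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(package: str, version: str) -> bool:
    """True when `package` is one of the tracked names and `version`
    is below its upstream fixed version."""
    fixed = FIXED_IN.get(package.lower())
    if fixed is None:
        return False
    return version_key(version) < version_key(fixed)


def scan_composer_lock(lock_text: str) -> list:
    """Return (package, installed, fixed_in) for every affected entry in a
    composer.lock document, covering runtime and dev dependencies."""
    data = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            name = pkg.get("name", "").lower()
            ver = pkg.get("version", "")
            if name and ver and is_affected(name, ver):
                findings.append((name, ver, FIXED_IN[name]))
    return findings


# Constructed composer.lock excerpt for the example (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "tecnickcom/tcpdf", "version": "6.7.8"},
        {"name": "tecnickcom/tc-lib-pdf-font", "version": "2.6.3"},
        {"name": "monolog/monolog", "version": "3.5.0"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "10.5.0"},
    ],
})


if __name__ == "__main__":
    for name, installed, fixed in scan_composer_lock(SAMPLE_LOCK):
        print(f"{name} {installed}: affected by CVE-2024-56520, upgrade to >= {fixed}")
```

Run it against a real lock file with `scan_composer_lock(open("composer.lock").read())`; an empty list means neither package is present at an affected upstream version.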
CVSS provenance
nvd · v3.1 · 7.3 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
osv · 7.3 HIGH
vendor_debian · 7.3 HIGH
The 7.3 HIGH score is NVD's, and the OSV and Debian figures match it; the GHSA advisory listed below rates the same issue MEDIUM, so the severity is not uniformly agreed across sources.
OSV
osv · 2024-12-27 · CVSS 7.3 · HIGH
CVE-2024-56520: An issue was discovered in tc-lib-pdf-font before 2
OSV
osv · 2024-12-27 · MEDIUM
tecnickcom/tc-lib-pdf-font mishandles fonts
GHSA
ghsa · 2024-12-27 · MEDIUM
tecnickcom/tc-lib-pdf-font mishandles fonts
Debian
vendor_debian · 2024 · CVSS 7.3 · HIGH
CVE-2024-56520: tcpdf - An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before...
Scope: local
bookworm: resolved (fixed in 6.6.2+dfsg1-1+deb12u1)
bullseye: resolved (fixed in 6.3.5+dfsg1-1+deb11u1)
forky: resolved (fixed in 6.8.0+dfsg-1)
sid: resolved (fixed in 6.8.0+dfsg-1)
trixie: resolved (fixed in 6.8.0+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677
https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4
https://tcpdf.org
https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html