CVE-2024-56520

high

Description

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.

References

https://tcpdf.org

https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4

https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677

https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0

https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe

Details

Source: Mitre, NVD

Published: 2024-12-27

Updated: 2025-01-02

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

EPSS

EPSS: 0.00089

Detections

Analytics