Skip to content

tecnickcom/tc-lib-pdf-font mishandles fonts

Moderate severity GitHub Reviewed Published Dec 27, 2024 to the GitHub Advisory Database • Updated Dec 27, 2024

Package

composer tecnickcom/tc-lib-pdf-font (Composer)

Affected versions

< 2.6.4

Patched versions

2.6.4

Description

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.

References

Published by the National Vulnerability Database Dec 27, 2024
Published to the GitHub Advisory Database Dec 27, 2024
Reviewed Dec 27, 2024
Last updated Dec 27, 2024

Severity

Moderate

EPSS score

0.045%
(17th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2024-56520

GHSA ID

GHSA-grhh-r4jj-8jh7

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.