7.3
CVE-2024-56520
- EPSS 0.55%
- Veröffentlicht 27.12.2024 05:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
- CVE-Watchlists
- Unerledigt
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellertecnick
≫
Produkt
tcpdf
Default Statusunaffected
Version
0
Version <
6.8.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.422 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
https://tcpdf.org
https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe
https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677
https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4
https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html