PT-2024-36829 · Unknown+3 · Tc-Lib-Pdf-Font+3

Published: 2024-12-27 · Updated: 2025-08-21 · CVE-2024-56520

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

tc-lib-pdf-font versions prior to 2.6.4
TCPDF versions prior to 6.8.0

Description

The issue is related to the mishandling of fonts, specifically the misparsing of FontBBox for Type 1 and TrueType fonts. This problem affects the management of fonts in the affected software.

Recommendations

For tc-lib-pdf-font versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. For TCPDF versions prior to 6.8.0, update to version 6.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of Type 1 and TrueType fonts in the affected software until a patch is available.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-10829
CVE-2024-56520
DLA-4199-1
DSA-5933-1
GHSA-GRHH-R4JJ-8JH7

Affected Products

Debian
Red Os
Tcpdf
Tc-Lib-Pdf-Font