PT-2024-36832 · Tcpdf+2

Published: 2024-12-27 · Updated: 2025-08-21 · CVE-2024-56527

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

TCPDF versions prior to 6.8.0

Description

An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling.

Recommendations

For versions prior to 6.8.0, update to version 6.8.0 or later to resolve the issue. As a temporary workaround, consider disabling the Error function until a patch is available. Restrict access to the Error function to minimize the risk of exploitation. Avoid using the Error function in sensitive areas of the application until the issue is resolved.
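
The missing output encoding described above, shown as an added example (not TCPDF's code and not part of the original advisory). The function names, the error prefix and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration; not TCPDF source. All names below are hypothetical.

// Before: the error message is concatenated into HTML output as-is.
function report_error_unescaped(string $msg): string
{
    return '<strong>ERROR: </strong>' . $msg;
}

// After: the message is HTML-encoded before it reaches the page.
function report_error_escaped(string $msg): string
{
    return '<strong>ERROR: </strong>'
        . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the message part of the output still carries raw HTML metacharacters.
function contains_raw_markup(string $html, string $prefix): bool
{
    $body = substr($html, strlen($prefix));
    return strpbrk($body, '<>"\'') !== false;
}

// Constructed sample: an error message that echoes caller-supplied text
// (here a file name) back into the response.
$fileName = '<img src=x onerror=alert(1)>.png';
$msg      = 'Unable to open image: ' . $fileName;
$prefix   = '<strong>ERROR: </strong>';

$before = report_error_unescaped($msg);
$after  = report_error_escaped($msg);

echo $before, PHP_EOL;
echo $after, PHP_EOL;

// The unescaped output keeps the markup live; the escaped output does not.
var_dump(contains_raw_markup($before, $prefix)); // bool(true)
var_dump(contains_raw_markup($after, $prefix));  // bool(false)
```

A check like `contains_raw_markup` can serve as a regression test for any code path that renders error text into an HTML response.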

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-10864
CVE-2024-56527
DLA-4199-1
DSA-5933-1
GHSA-QX95-CWH6-9MVQ
MGASA-2025-0059

Affected Products

Debian
Red Os
Tcpdf