Lucene search
+L

220 matches found

Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.13 views

PT-2024-36830 · Tcpdf +2 · Tcpdf +2

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in TCPDF. If libcurl is used, CURLOPT SSL VERIFYHOST and CURLOPT SSL VERIFYPEER are set unsafely. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or late...

9.8CVSS6.8AI score0.00748EPSS
Exploits0References24
CVE
CVE
added 2024/12/27 12:0 a.m.87 views

CVE-2024-56519

TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...

7.5CVSS7AI score0.00624EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.12 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

6.8AI score0.00624EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.8 views

PT-2024-36829 · Tcpdf +2 · Tcpdf +2

Name of the Vulnerable Software and Affected Versions: tc-lib-pdf-font versions prior to 2.6.4 TCPDF versions prior to 6.8.0 Description: The issue is related to the mishandling of fonts, specifically the misparsing of FontBBox for Type 1 and TrueType fonts. This problem affects the management of...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References31
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.5 views

PT-2024-36832 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References35
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.27 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS5.2AI score0.00748EPSS
Exploits0
OSV
OSV
added 2024/12/27 12:0 a.m.17 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS6.7AI score0.00752EPSS
Exploits1References7
OSV
OSV
added 2024/12/27 12:0 a.m.10 views

CVE-2024-56520

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...

7.3CVSS6.7AI score0.0055EPSS
Exploits0References8
OSV
OSV
added 2024/12/27 12:0 a.m.12 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS6.7AI score0.00748EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.9 views

CVE-2024-56520

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...

7.2AI score0.0055EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.15 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS5.2AI score0.00615EPSS
Exploits0
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.19 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

0.00624EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.31 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

0.00752EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.31 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

0.00748EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.20 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

0.00615EPSS
Exploits0References4
CVE
CVE
added 2024/12/27 12:0 a.m.621 views

CVE-2024-56527

CVE-2024-56527 affects the TCPDF PHP class. The issue is in the Error() function, which lacks an htmlspecialchars escape for the error message. This is a code-level input handling flaw in TCPDF prior to 6.8.0. Connected advisories from Debian (DLA-4199/DSA-5933) show multiple TCPDF CVEs, includin...

7.5CVSS7.2AI score0.00752EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.18 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS5.2AI score0.00752EPSS
Exploits1
OSV
OSV
added 2024/12/27 12:0 a.m.22 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS6.6AI score0.00615EPSS
Exploits0References7
OSV
OSV
added 2024/12/27 12:0 a.m.13 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS6.7AI score0.00624EPSS
Exploits0References6
Veracode
Veracode
added 2024/12/09 7:56 a.m.8 views

Local File Inclusion (LFI)

tecnickcom/tcpdf is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...

6.2CVSS6.5AI score0.00816EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder