220 matches found
PT-2024-36830 · Tcpdf +2 · Tcpdf +2
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in TCPDF. If libcurl is used, CURLOPT SSL VERIFYHOST and CURLOPT SSL VERIFYPEER are set unsafely. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or late...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
PT-2024-36832 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CVE-2024-56520
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...
PT-2024-36829 · Tcpdf +2 · Tcpdf +2
Name of the Vulnerable Software and Affected Versions: tc-lib-pdf-font versions prior to 2.6.4 TCPDF versions prior to 6.8.0 Description: The issue is related to the mishandling of fonts, specifically the misparsing of FontBBox for Type 1 and TrueType fonts. This problem affects the management of...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-56520
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56521
The CVE-2024-56521 issue affects TCPDF prior to 6.8.0. When libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely, enabling a high-severity, network‑based impact per CVSS 3.1 data (base score 9.8). Public advisories (e.g., Fedora updates FEDORA-2024-d6b0e72e3d and FE...
Local File Inclusion (LFI)
tecnickcom/tcpdf is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...