CVE-2024-56520

Published: Dec 27, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.

Vendor	Product	Versions
tecnick	tcpdf	affected `0 - < 6.8.0`

References

https://tcpdf.org

https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0

https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe

https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677

https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-56520

Description

Affected Products

References