HIGH🇬🇧 English

CVE-2024-56519

CVSS 7.5v3.1pub. 2024-12-27upd. 2025-11-03

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Tcpdf Project Tcpdf

    APP
    Tcpdf Project
    < 6.8.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2024-56521CRITICAL9.8PL ✓ten sam produkt

TCPDF: Nieprawidłowa weryfikacja certyfikatów SSL przy użyciu libcurl

CVE-2024-56527HIGH7.5ten sam produkt

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error...

CVE-2024-56522HIGH7.5ten sam produkt

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not...

CVE-2024-22641HIGH7.5ten sam produkt

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an unt...

CVE-2024-22640HIGH7.5ten sam produkt

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HT...