CVE-2024-56520
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-56520 is a newly disclosed vulnerability affecting tc-lib-pdf-font versions prior to 2.6.4 and TCPDF versions before 6.8.0, as well as other products. The issue arises from font mishandling in these packages: the FontBBox for both Type 1 and TrueType fonts is misparsed. The exact nature and consequences of the flaw are not yet fully understood, but affected users are advised to upgrade to the latest versions of their software as soon as possible to mitigate the risk.