CVE-2024-56520

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published: Dec 27, 2024
Updated: Jan 2, 2025

Summary

CVE-2024-56520 is a newly disclosed vulnerability affecting tc-lib-pdf-font versions prior to 2.6.4 and TCPDF versions before 6.8.0, as well as other products. The issue arises from the mishandling of fonts in these packages: the FontBBox for both Type 1 and TrueType fonts is misparsed, which may have security consequences. The exact nature and consequences of the flaw are not yet fully understood, but affected users are advised to upgrade to the latest versions of their software as soon as possible to mitigate the risk.
