Tecnick Tcpdf
6 CVEs affecting Tecnick Tcpdf. Latest disclosed: 2024-12-27. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-56521 | Critical | 9.8 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. |
| CVE-2018-17057 | Critical | 9.8 | 2018-09-14 | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. |
| CVE-2024-56527 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. |
| CVE-2024-56522 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF ta… |
| CVE-2024-56519 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. |
| CVE-2024-56520 | High | 7.3 | 2024-12-27 | An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and… |