{"id":"CVE-2024-56520","details":"An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.","aliases":["GHSA-grhh-r4jj-8jh7"],"modified":"2026-04-09T10:29:22.919701Z","published":"2024-12-27T05:15:07.837Z","references":[{"type":"WEB","url":"https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4"},{"type":"WEB","url":"https://tcpdf.org"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html"},{"type":"WEB","url":"https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0"},{"type":"FIX","url":"https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677"},{"type":"FIX","url":"https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tecnickcom/TCPDF","events":[{"introduced":"0"},{"fixed":"14ffa0e308f5634aa2489568b4b90b24073b6731"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.8.0"}]}},{"type":"GIT","repo":"https://github.com/tecnickcom/tc-lib-pdf-font","events":[{"introduced":"0"},{"fixed":"b13ed8ac002b34454f1a62223168612fb9adc83c"},{"fixed":"30012e333ae611c514ec2dc7cb370bbf4da4e677"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.4"}]}},{"type":"GIT","repo":"https://github.com/tecnickcom/tcpdf","events":[{"introduced":"0"},{"fixed":"a0a02efe487cc39bd5223359e916dbeafb5cd6fe"}]}],"versions":["1.10.0","1.10.3","1.10.5","1.10.6","1.11.0","1.11.1","1.11.10","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.12.0","1.13.0","1.14.0","1.15.0","1.15.1","1.15.10","1.15.3","1.15.4","1.15.5","1.15.6","1.15.7","1.15.9","1.16.1","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.6.0","1.7.0","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.8.0","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.3","1.9.6","1.9.7","2.0.11","2.0.13","2.0.7","2.0.8","2.0.9","2.1.1","2.2.2","2.2.3","2.3.1","2.4.0","2.4.1","2.4.2","2.5.0","2.5.1","2.6.0","2.6.1","2.6.2","6.0.013","6.0.014","6.0.015","6.0.016","6.0.017","6.0.018","6.0.019","6.0.020","6.0.021","6.0.022","6.0.023","6.0.024","6.0.025","6.0.026","6.0.027","6.0.028","6.0.029","6.0.030","6.0.031","6.0.032","6.0.033","6.0.034","6.0.035","6.0.036","6.0.037","6.0.038","6.0.039","6.0.040","6.0.041","6.0.042","6.0.043","6.0.044","6.0.045","6.0.046","6.0.047","6.0.048","6.0.049","6.0.050","6.0.051","6.0.052","6.0.053","6.0.054","6.0.055","6.0.056","6.0.057","6.0.058","6.0.059","6.0.060","6.0.061","6.0.062","6.0.063","6.0.064","6.0.065","6.0.066","6.0.067","6.0.068","6.0.069","6.0.070","6.0.071","6.0.072","6.0.073","6.0.074","6.0.075","6.0.076","6.0.077","6.0.078","6.0.079","6.0.080","6.0.081","6.0.082","6.0.083","6.0.084","6.0.085","6.0.086","6.0.087","6.0.088","6.0.089","6.0.090","6.0.091","6.0.092","6.0.093","6.0.094","6.0.095","6.0.096","6.0.097","6.0.098","6.0.099","6.1.0","6.1.1","6.2.0","6.2.1","6.2.10","6.2.11","6.2.12","6.2.13","6.2.16","6.2.17","6.2.19","6.2.2","6.2.20","6.2.21","6.2.22","6.2.23","6.2.25","6.2.26","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.8","6.2.9","6.3.0","6.3.1","6.3.2","6.3.3","6.3.4","6.3.5","6.4.0","6.4.1","6.4.2","6.4.3","6.4.4","6.5.0","6.6.0","6.6.1","6.6.2","6.7.4","6.7.5","6.7.6","6.7.7","6.7.8","OLDv6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56520.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}