GHSA-4p8j-vhjm-6pvw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4p8j-vhjm-6pvw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-4p8j-vhjm-6pvw/GHSA-4p8j-vhjm-6pvw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4p8j-vhjm-6pvw
- Aliases
- Published
- 2024-12-27T06:30:47Z
- Modified
- 2025-11-03T23:05:58.156401Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- TCPDF lacks SVG sanitization
- Details
-
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
- Database specific
{ "github_reviewed_at": "2024-12-27T19:52:37Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "nvd_published_at": "2024-12-27T05:15:07Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-56519
- https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
- https://github.com/tecnickcom/TCPDF
- https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
- https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- https://tcpdf.org
Affected packages
Packagist / tecnickcom/tcpdf
Package
- Name
- tecnickcom/tcpdf
- Purl
- pkg:composer/tecnickcom/tcpdf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.0
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.25
6.2.26
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
6.6.1
6.6.2
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8