MGASA-2025-0059

Source
https://advisories.mageia.org/MGASA-2025-0059.html
Import Source
https://advisories.mageia.org/MGASA-2025-0059.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2025-0059
Published
2025-02-12T21:31:42Z
Modified
2025-02-12T21:00:42Z
Summary
Updated php-tcpdf packages fix security vulnerabilities
Details

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. (CVE-2024-56519)

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. (CVE-2024-56521)

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. (CVE-2024-56522)

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. (CVE-2024-56527)


Affected packages

Mageia:9 / php-tcpdf

Package

Name
php-tcpdf
Purl
pkg:rpm/mageia/php-tcpdf?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5.0-1.3.mga9

Ecosystem specific

{
    "section": "core"
}