Moderate severityNVD Advisory· Published Dec 27, 2024· Updated Nov 3, 2025
CVE-2024-56519
CVE-2024-56519
Description
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tecnickcom/tcpdfPackagist | < 6.8.0 | 6.8.0 |
Affected products
2- tecnick/tcpdfv5Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-4p8j-vhjm-6pvwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-56519ghsaADVISORY
- github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4ghsaWEB
- github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0ghsaWEB
- lists.debian.org/debian-lts-announce/2025/06/msg00004.htmlghsaWEB
- tcpdf.orgghsaWEB
News mentions
0No linked articles in our index yet.