High severity 7.3 · NVD Advisory · Published Dec 27, 2024 · Updated Apr 15, 2026
CVE-2024-56520
Description
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tecnickcom/tc-lib-pdf-font (Packagist) | < 2.6.4 | 2.6.4 |
Patches
430012e333ae6 Improved parsing of TypeOne FontBBox
2 files changed · +6 −5
src/Import/TypeOne.php+5 −4 modified
@@ -87,10 +87,11 @@ protected function extractFontInfo(): void
 $this->fdt['name'] = $name;
 preg_match('#/FontBBox[\s]*+{([^}]*+)#', $this->font, $matches);
- $this->fdt['bbox'] = trim($matches[1]);
- $bvl = explode(' ', $this->fdt['bbox']);
- $this->fdt['Ascent'] = (int) $bvl[3];
- $this->fdt['Descent'] = (int) $bvl[1];
+ $rawbvl = explode(' ', trim($matches[1]));
+ $bvl = [(int) $rawbvl[0], (int) $rawbvl[1], (int) $rawbvl[2], (int) $rawbvl[3]];
+ $this->fdt['bbox'] = implode(' ', $bvl);
+ $this->fdt['Ascent'] = $bvl[3];
+ $this->fdt['Descent'] = $bvl[1];
 preg_match('#/ItalicAngle[\s]*+([0-9\+\-]*+)#', $this->font, $matches);
 $this->fdt['italicAngle'] = (int) $matches[1];
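Review bot: The added `$rawbvl[0]`…`$rawbvl[3]` indexing still assumes that `explode(' ', …)` yields at least four tokens, so a `/FontBBox {}` or a bbox separated by tabs, newlines or repeated spaces (all valid PostScript whitespace) produces undefined-index warnings and an `Ascent`/`Descent` of 0 rather than a rejection, and the `preg_match` on the line above is still unchecked, so a font with no `/FontBBox` reaches `trim($matches[1])` with an undefined key. Casting each token and re-imploding does stop the raw bbox string from being stored verbatim, which is presumably what the fix is for. The same four-index pattern is repeated in the `addTTFfont` hunk of `include/tcpdf_fonts.php` (`@@ -191,29 +191,30 @@`), and the `BlueValues` branch there uses the same single-space `explode`. I would fail on a missing match and normalise to exactly four integers as below; `extractFontInfo` begins and ends outside this hunk.
```php
        if (preg_match('#/FontBBox[\s]*+{([^}]*+)#', $this->font, $matches) !== 1) {
            throw new \RuntimeException('missing /FontBBox'); // TODO: use the library's own font exception class
        }
        // Split on any PostScript whitespace and force exactly four integers;
        // missing or non-numeric tokens become 0 instead of undefined indexes.
        $bvl = array_map('intval', array_pad(array_slice(preg_split('/\s+/', trim($matches[1])) ?: [], 0, 4), 4, 0));
        // … unchanged: bbox / Ascent / Descent assignments from $bvl …
```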
VERSION+1 −1 modified
@@ -1 +1 @@
-2.6.2
+2.6.3
14ffa0e308f5b13ed8ac002ba0a02efe487c Add some addTTFfont fixes from tc-lib-pdf-font
2 files changed · +23 −21
CHANGELOG.TXT+1 −0 modified@@ -3,6 +3,7 @@ - Escape error message. - Use strict time-constant function to compare TCPDF-tag hashes. - Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed). + - Add some addTTFfont fixes from tc-lib-pdf-font. 6.7.8 (2024-12-13)
include/tcpdf_fonts.php+22 −21 modified
@@ -1,13 +1,13 @@
 <?php
 //============================================================+
 // File name : tcpdf_fonts.php
-// Version : 1.1.0
+// Version : 1.1.1
 // Begin : 2008-01-01
-// Last Update : 2014-12-10
+// Last Update : 2024-12-23
 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
-// Copyright (C) 2008-2014 Nicola Asuni - Tecnick.com LTD
+// Copyright (C) 2008-2024 Nicola Asuni - Tecnick.com LTD
 //
 // This file is part of TCPDF software library.
 //
@@ -42,7 +42,7 @@
 * @class TCPDF_FONTS
 * Font methods for TCPDF library.
 * @package com.tecnick.tcpdf
- * @version 1.1.0
+ * @version 1.1.1
 * @author Nicola Asuni - info@tecnick.com
 */
 class TCPDF_FONTS { 
@@ -191,29 +191,30 @@ public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $
 fclose($fp);
 // get font info
 $fmetric['Flags'] = $flags;
- preg_match ('#/FullName[\s]*\(([^\)]*)#', $font, $matches);
+ preg_match ('#/FullName[\s]*+\(([^\)]*+)#', $font, $matches);
 $fmetric['name'] = preg_replace('/[^a-zA-Z0-9_\-]/', '', $matches[1]);
- preg_match('#/FontBBox[\s]*{([^}]*)#', $font, $matches);
- $fmetric['bbox'] = trim($matches[1]);
- $bv = explode(' ', $fmetric['bbox']);
- $fmetric['Ascent'] = intval($bv[3]);
- $fmetric['Descent'] = intval($bv[1]);
- preg_match('#/ItalicAngle[\s]*([0-9\+\-]*)#', $font, $matches);
+ preg_match('#/FontBBox[\s]*+{([^}]*+)#', $font, $matches);
+ $rawbvl = explode(' ', trim($matches[1]));
+ $bvl = [(int) $rawbvl[0], (int) $rawbvl[1], (int) $rawbvl[2], (int) $rawbvl[3]];
+ $fmetric['bbox'] = implode(' ', $bvl);
+ $fmetric['Ascent'] = $bvl[3];
+ $fmetric['Descent'] = $bvl[1];
+ preg_match('#/ItalicAngle[\s]*+([0-9\+\-]*+)#', $font, $matches);
 $fmetric['italicAngle'] = intval($matches[1]);
 if ($fmetric['italicAngle'] != 0) {
 $fmetric['Flags'] |= 64;
 }
- preg_match('#/UnderlinePosition[\s]*([0-9\+\-]*)#', $font, $matches);
+ preg_match('#/UnderlinePosition[\s]*+([0-9\+\-]*+)#', $font, $matches);
 $fmetric['underlinePosition'] = intval($matches[1]);
- preg_match('#/UnderlineThickness[\s]*([0-9\+\-]*)#', $font, $matches);
+ preg_match('#/UnderlineThickness[\s]*+([0-9\+\-]*+)#', $font, $matches);
 $fmetric['underlineThickness'] = intval($matches[1]);
- preg_match('#/isFixedPitch[\s]*([^\s]*)#', $font, $matches);
+ preg_match('#/isFixedPitch[\s]*+([^\s]*+)#', $font, $matches);
 if ($matches[1] == 'true') {
 $fmetric['Flags'] |= 1;
 }
 // get internal map
 $imap = array();
- if (preg_match_all('#dup[\s]([0-9]+)[\s]*/([^\s]*)[\s]put#sU', $font, $fmap, PREG_SET_ORDER) > 0) {
+ if (preg_match_all('#dup[\s]([0-9]+)[\s]*+/([^\s]*+)[\s]put#sU', $font, $fmap, PREG_SET_ORDER) > 0) {
 foreach ($fmap as $v) {
 $imap[$v[2]] = $v[1];
 }
@@ -229,22 +230,22 @@ public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $
 $eplain .= chr($chr ^ ($r >> 8));
 $r = ((($chr + $r) * $c1 + $c2) % 65536);
 }
- if (preg_match('#/ForceBold[\s]*([^\s]*)#', $eplain, $matches) > 0) {
+ if (preg_match('#/ForceBold[\s]*+([^\s]*+)#', $eplain, $matches) > 0) {
 if ($matches[1] == 'true') {
 $fmetric['Flags'] |= 0x40000;
 }
 }
- if (preg_match('#/StdVW[\s]*\[([^\]]*)#', $eplain, $matches) > 0) {
+ if (preg_match('#/StdVW[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) {
 $fmetric['StemV'] = intval($matches[1]);
 } else {
 $fmetric['StemV'] = 70;
 }
- if (preg_match('#/StdHW[\s]*\[([^\]]*)#', $eplain, $matches) > 0) {
+ if (preg_match('#/StdHW[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) {
 $fmetric['StemH'] = intval($matches[1]);
 } else {
 $fmetric['StemH'] = 30;
 }
- if (preg_match('#/BlueValues[\s]*\[([^\]]*)#', $eplain, $matches) > 0) {
+ if (preg_match('#/BlueValues[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) {
 $bv = explode(' ', $matches[1]);
 if (count($bv) >= 6) {
 $v1 = intval($bv[2]);
@@ -265,15 +266,15 @@ public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $
 $fmetric['CapHeight'] = 700;
 }
 // get the number of random bytes at the beginning of charstrings
- if (preg_match('#/lenIV[\s]*([0-9]*)#', $eplain, $matches) > 0) {
+ if (preg_match('#/lenIV[\s]*+([\d]*+)#', $eplain, $matches) > 0) {
 $lenIV = intval($matches[1]);
 } else {
 $lenIV = 4;
 }
 $fmetric['Leading'] = 0;
 // get charstring data
 $eplain = substr($eplain, (strpos($eplain, '/CharStrings') + 1));
- preg_match_all('#/([A-Za-z0-9\.]*)[\s][0-9]+[\s]RD[\s](.*)[\s]ND#sU', $eplain, $matches, PREG_SET_ORDER);
+ preg_match_all('#/([A-Za-z0-9\.]*+)[\s][0-9]+[\s]RD[\s](.*)[\s]ND#sU', $eplain, $matches, PREG_SET_ORDER);
 if (!empty($enc) AND isset(TCPDF_FONT_DATA::$encmap[$enc])) {
 $enc_map = TCPDF_FONT_DATA::$encmap[$enc];
 } else {
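Review bot: The rewritten `preg_match_all` on the charstring pattern in the second hunk still discards its return value and never consults `preg_last_error()`, so a Type 1 font whose `/CharStrings` section trips the PCRE backtrack or recursion limit leaves `$matches` empty and the loader carries on with no glyphs instead of reporting a parse failure. The possessive quantifier added to the glyph-name group does not cover the `[0-9]+` and `(.*)` groups of that pattern, so its backtracking behaviour is presumably unchanged by this commit. I would make the error explicit, e.g. `if (preg_match_all('#/([A-Za-z0-9\.]*+)[\s][0-9]+[\s]RD[\s](.*)[\s]ND#sU', $eplain, $matches, PREG_SET_ORDER) === false) { /* raise the loader's error here */ }`, and the same unchecked-return applies to the `preg_match` calls for `/ForceBold`, `/StdVW`, `/StdHW`, `/BlueValues` and `/lenIV` in the first hunk, where a PCRE error is indistinguishable from "not present". `addTTFfont` begins and ends outside both hunks.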
References
- github.com/advisories/GHSA-grhh-r4jj-8jh7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-56520ghsaADVISORY
- github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fenvdWEB
- github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0nvdWEB
- github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677nvdWEB
- github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4nvdWEB
- lists.debian.org/debian-lts-announce/2025/06/msg00004.htmlnvdWEB
- tcpdf.orgnvdWEB