CVE-2024-56527

HIGH EPSS 49.1%
7.5 CVSS 3.1
High
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
49.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor | Product | Version | Range
tcpdf_project | tcpdf | * | <6.8.0

References 5

  • andrea0.medium.com https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add
    Exploit, Third Party Advisory
  • github.com https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
    Patch
  • github.com https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
    Issue Tracking
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
  • tcpdf.org https://tcpdf.org
    Product

Remediation

  • github.com https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
    Patch