VDB

GCVE-110-MAGEIA-2025-59

GCVE-110-MAGEIA-2025-59
Advisory Published
Vulnetix · Advisory published February 12, 2025
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. (CVE-2024-56519) An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. (CVE-2024-56521) An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. (CVE-2024-56522) An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. (CVE-2024-56527)

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-tcpdf0 (affected), 6.5.0-1.3.mga9 (unaffected), 0 (affected), 6.5.0-1.3.mga9 (unaffected)
Mageialibvirt0 (affected), 9.10.0-1.mga9 (unaffected)

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›