{"id":"MGASA-2025-0059","summary":"Updated php-tcpdf packages fix security vulnerabilities","details":"An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not\nsanitize the SVG font-family attribute. (CVE-2024-56519)\nAn issue was discovered in TCPDF before 6.8.0. If libcurl is used,\nCURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.\n(CVE-2024-56521)\nAn issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses\n!= (aka loose comparison) and does not use a constant-time function to\ncompare TCPDF tag hashes. (CVE-2024-56522)\nAn issue was discovered in TCPDF before 6.8.0. The Error function lacks\nan htmlspecialchars call for the error message. (CVE-2024-56527)\n","modified":"2026-02-04T03:39:54.999171Z","published":"2025-02-12T21:31:42Z","related":["CVE-2024-56519","CVE-2024-56521","CVE-2024-56522","CVE-2024-56527"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0059.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33898"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZX3ABLKKEVGN4M4BBUJFPBNWW5SHP7J3/"}],"affected":[{"package":{"name":"php-tcpdf","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/php-tcpdf?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.5.0-1.3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0059.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}