CVE-2024-56521

EUVD-2024-3571
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
tcpdf_projecttcpdf
𝑥
< 6.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tcpdf
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
6.10.1+dfsg-2
fixed
sid
6.10.1+dfsg-2
fixed
trixie
6.9.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tcpdf
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
not-affected
questing
not-affected
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
https://tcpdf.org