VulnerableCode Package Details - pkg:composer/tecnickcom/tcpdf@6.7.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-9w5p-pk6t-pkeb Aliases: CVE-2024-56521 GHSA-9mgx-552f-59p6	An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.	6.8.0 Affected by 0 other vulnerabilities.
VCID-mfyb-t5sz-g7ed Aliases: CVE-2024-56519 GHSA-4p8j-vhjm-6pvw	An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.	6.8.0 Affected by 0 other vulnerabilities.
VCID-s9np-7v18-suc7 Aliases: CVE-2024-56527 GHSA-qx95-cwh6-9mvq	An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.	6.8.0 Affected by 0 other vulnerabilities.
VCID-xsde-1m6b-j7ds Aliases: CVE-2024-56522 GHSA-w95c-7994-ghpr	An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.	6.8.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9w5p-pk6t-pkeb
Aliases:
CVE-2024-56521
GHSA-9mgx-552f-59p6

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

6.8.0
Affected by 0 other vulnerabilities.

VCID-mfyb-t5sz-g7ed
Aliases:
CVE-2024-56519
GHSA-4p8j-vhjm-6pvw

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

6.8.0
Affected by 0 other vulnerabilities.

VCID-s9np-7v18-suc7
Aliases:
CVE-2024-56527
GHSA-qx95-cwh6-9mvq

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

6.8.0
Affected by 0 other vulnerabilities.

VCID-xsde-1m6b-j7ds
Aliases:
CVE-2024-56522
GHSA-w95c-7994-ghpr

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

6.8.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:48:51.929888+00:00	GitLab Importer	Affected by	VCID-xsde-1m6b-j7ds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56522.yml	38.6.0
2026-06-12T19:48:50.948898+00:00	GitLab Importer	Affected by	VCID-9w5p-pk6t-pkeb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56521.yml	38.6.0
2026-06-12T19:48:50.281916+00:00	GitLab Importer	Affected by	VCID-s9np-7v18-suc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56527.yml	38.6.0
2026-06-12T19:48:49.605884+00:00	GitLab Importer	Affected by	VCID-mfyb-t5sz-g7ed	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56519.yml	38.6.0