CVE-2024-56521

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 Product
https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0 Patch
https://tcpdf.org Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:tcpdf_project:tcpdf:*:*:*:*:*:*:*:*
History

21 Apr 2025, 15:25

Type Values Removed Values Added
First Time Tcpdf Project tcpdf
Tcpdf Project
CPE cpe:2.3:a:tcpdf_project:tcpdf:*:*:*:*:*:*:*:*
References () https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 - () https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 - Product
References () https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0 - () https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0 - Patch
References () https://tcpdf.org - () https://tcpdf.org - Product

24 Mar 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

18 Feb 2025, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown

31 Dec 2024, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) Se descubrió un problema en TCPDF antes de la versión 6.8.0. Si se utiliza libcurl, CURLOPT_SSL_VERIFYHOST y CURLOPT_SSL_VERIFYPEER se configuran de forma no segura.

27 Dec 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 05:15

Updated : 2025-04-21 15:25

NVD link : CVE-2024-56521

Mitre link : CVE-2024-56521

CVE.ORG link : CVE-2024-56521

JSON object : View

Products Affected

tcpdf_project

  • tcpdf
CWE
CWE-295

Improper Certificate Validation