TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
CPE | Name | Operator | Version |
---|---|---|---|
tecnickcom/tcpdf | le | 6.7.4 |
github.com/advisories/GHSA-mx3p-fhpw-x6rv
github.com/tecnickcom/TCPDF
github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
github.com/zunak/CVE-2024-22640
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
nvd.nist.gov/vuln/detail/CVE-2024-22640