61 matches found
CVE-2024-51058
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
PT-2024-34506 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF version 6.7.5 Description: A Local File Inclusion LFI issue has been discovered, allowing a user to read arbitrary files from the server's file system through the src tag in an img element, potentially exposing sensitive information...
Fedora 41 : php-tcpdf (2024-b00678c08a)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b00678c08a advisory. Version 6.7.7 2024-10-26 - Update regular expression to avoid ReDoS CVE-2024-22641 - PHP 8.4 Fix: Curl CURLOPTBINARYTRANSFER deprecated 675 - SVG detection f...
CVE-2024-22641
TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file...
EUVD-2024-20174
TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file...
PT-2024-19517 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions 6.6.5 and earlier Description: The issue arises when parsing an untrusted SVG file, leading to a ReDoS Regular Expression Denial of Service condition. This occurs due to the inefficient handling of regular expressions within th...
CVE-2024-22640
TCPDF version =6.6.5 is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted HTML page with a crafted color...
PT-2024-19516 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions = 6.6.5 Description: The issue concerns a ReDoS Regular Expression Denial of Service vulnerability that occurs when parsing an untrusted HTML page with a crafted color. This can lead to a denial of service. Recommendations: For...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
PT-2024-24611 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.7.4 Description: The issue is related to how TCPDF handles calls that use HTML syntax. This mishandling can potentially lead to security issues. Recommendations: For versions prior to 6.7.4, update to version 6.7.4 o...
CVE-2022-30351
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to...
TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it ...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
Deserialization of untrusted data
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
MGASA-2017-0067 Updated php-tcpdf packages fix security vulnerability
A local file inclusion vulnerability in TCPDF allows to upload files from the server generating PDF files to an external FTP server CVE-2017-6100. The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting KTCPDFCALLSINHTML configuration parameter to false by default...
TCPDF Local File Inclusion Vulnerability
TCPDF is an open source for generating PDF documents of PHP classes . A local file inclusion vulnerability exists in versions of TCPDF prior to 6.2.0, which stems from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to obtain sensitive...