Lucene search
K
Tcpdf ProjectTcpdf

9 matches found

CVE
CVE
added 2024/12/27 12:0 a.m.815 views

CVE-2024-56521

The CVE-2024-56521 issue affects TCPDF prior to 6.8.0. When libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely, enabling a high-severity, network‑based impact per CVSS 3.1 data (base score 9.8). Public advisories (e.g., Fedora updates FEDORA-2024-d6b0e72e3d and FE...

9.8CVSS7AI score0.00748EPSS
CVE
CVE
added 2024/12/27 12:0 a.m.619 views

CVE-2024-56527

CVE-2024-56527 affects the TCPDF PHP class. The issue is in the Error() function, which lacks an htmlspecialchars escape for the error message. This is a code-level input handling flaw in TCPDF prior to 6.8.0. Connected advisories from Debian (DLA-4199/DSA-5933) show multiple TCPDF CVEs, includin...

7.5CVSS7.2AI score0.00752EPSS
CVE
CVE
added 2024/05/28 8:17 p.m.132 views

CVE-2024-22641

CVE-2024-22641 affects TCPDF and causes Regular Expression Denial of Service when parsing specially crafted SVG files. Public reports show multiple distributions addressing it: Debian (bookworm: 6.6.2+dfsg1-1+deb12u1; bullseye: 6.3.5+dfsg1-1+deb11u1), Fedora (6.7.7), and Debian LTS DSAs provide f...

7.5CVSS6.7AI score0.01113EPSS
CVE
CVE
added 2024/04/15 12:0 a.m.128 views

CVE-2024-32489

TCPDF vulnerability CVE-2024-32489 involves mishandling calls that use HTML syntax. Connected advisories confirm impact across Debian releases with multiple CVEs in TCPDF and provide versioned fixes: Debian bullseye updates to 6.3.5+dfsg1-1+deb11u1; Debian bookworm fixes to 6.6.2+dfsg1-1+deb12u1;...

6.1CVSS6.5AI score0.00582EPSS
CVE
CVE
added 2024/04/19 12:0 a.m.113 views

CVE-2024-22640

TCPDF (PHP class for generating PDFs) is affected by CVE-2024-22640. The root cause is a Regular Expression Denial of Service in parsing untrusted HTML when a crafted color is processed, with affected versions reported as

7.5CVSS6.2AI score0.01325EPSS
CVE
CVE
added 2024/12/27 12:0 a.m.88 views

CVE-2024-56522

TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...

7.5CVSS6.9AI score0.00615EPSS
CVE
CVE
added 2024/12/27 12:0 a.m.86 views

CVE-2024-56519

TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...

7.5CVSS7AI score0.00624EPSS
CVE
CVE
added 2024/11/26 12:0 a.m.72 views

CVE-2024-51058

CVE-2024-51058 is a Local File Inclusion (LFI) vulnerability in TCPDF. Impact: reading arbitrary server files via an src tag. Affects TCPDF 6.7.5 (per initial description). Exploitation details are not provided beyond the LFI vector; no in‑the‑wild exploitation data is included in the supplied d...

6.2CVSS6.8AI score0.00816EPSS
CVE
CVE
added 2017/02/23 7:0 p.m.55 views

CVE-2017-6100

CVE-2017-6100 affects TCPDF prior to 6.2.0. The vulnerability is a local file inclusion flaw that enables the server to upload PDF-generated files to an external FTP server. Reported behavior across sources consistently notes that versions before 6.2.0 are impacted; a fix is to upgrade to 6.2.0 o...

7.5CVSS7.4AI score0.0146EPSS