9 matches found
CVE-2024-56521
The CVE-2024-56521 issue affects TCPDF prior to 6.8.0. When libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely, enabling a high-severity, network‑based impact per CVSS 3.1 data (base score 9.8). Public advisories (e.g., Fedora updates FEDORA-2024-d6b0e72e3d and FE...
CVE-2024-56527
CVE-2024-56527 affects the TCPDF PHP class. The issue is in the Error() function, which lacks an htmlspecialchars escape for the error message. This is a code-level input handling flaw in TCPDF prior to 6.8.0. Connected advisories from Debian (DLA-4199/DSA-5933) show multiple TCPDF CVEs, includin...
CVE-2024-22641
CVE-2024-22641 affects TCPDF and causes Regular Expression Denial of Service when parsing specially crafted SVG files. Public reports show multiple distributions addressing it: Debian (bookworm: 6.6.2+dfsg1-1+deb12u1; bullseye: 6.3.5+dfsg1-1+deb11u1), Fedora (6.7.7), and Debian LTS DSAs provide f...
CVE-2024-32489
TCPDF vulnerability CVE-2024-32489 involves mishandling calls that use HTML syntax. Connected advisories confirm impact across Debian releases with multiple CVEs in TCPDF and provide versioned fixes: Debian bullseye updates to 6.3.5+dfsg1-1+deb11u1; Debian bookworm fixes to 6.6.2+dfsg1-1+deb12u1;...
CVE-2024-22640
TCPDF (PHP class for generating PDFs) is affected by CVE-2024-22640. The root cause is a Regular Expression Denial of Service in parsing untrusted HTML when a crafted color is processed, with affected versions reported as
CVE-2024-56522
TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...
CVE-2024-56519
TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...
CVE-2024-51058
CVE-2024-51058 is a Local File Inclusion (LFI) vulnerability in TCPDF. Impact: reading arbitrary server files via an src tag. Affects TCPDF 6.7.5 (per initial description). Exploitation details are not provided beyond the LFI vector; no in‑the‑wild exploitation data is included in the supplied d...
CVE-2017-6100
CVE-2017-6100 affects TCPDF prior to 6.2.0. The vulnerability is a local file inclusion flaw that enables the server to upload PDF-generated files to an external FTP server. Reported behavior across sources consistently notes that versions before 6.2.0 are impacted; a fix is to upgrade to 6.2.0 o...