Tcpdf Security Vulnerabilities and Issues — Tcpdf CVE List | Vulners.com

Lucene search

K

Tcpdf ProjectTcpdf

9 matches found

CVE•added 2024/12/27 5:15 a.m.•794 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

9.8CVSS7AI score0.00142EPSS

CVE•added 2024/12/27 6:15 a.m.•598 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

7.5CVSS7.2AI score0.00328EPSS

CVE•added 2024/05/28 9:16 p.m.•112 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.

7.5CVSS6.7AI score0.10281EPSS

CVE•added 2024/04/19 4:15 p.m.•91 views

CVE-2024-22640

TCPDF version

7.5CVSS6.2AI score0.0122EPSS

CVE•added 2024/04/15 6:15 a.m.•81 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax.

6.1CVSS6.5AI score0.00205EPSS

CVE•added 2024/12/27 5:15 a.m.•68 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

7.5CVSS7AI score0.00069EPSS

CVE•added 2024/12/27 5:15 a.m.•66 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

7.5CVSS6.9AI score0.0009EPSS

CVE•added 2024/11/26 6:15 p.m.•49 views

CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.

6.2CVSS6.8AI score0.00059EPSS

CVE•added 2017/02/23 7:59 p.m.•42 views

CVE-2017-6100

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

7.5CVSS7.4AI score0.0031EPSS