Tcpdf Security Vulnerabilities and Issues — Tcpdf CVE List | Vulners.com

Lucene search

K

Tcpdf ProjectTcpdf

8 matches found

CVE•added 2024/12/27 5:15 a.m.•796 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

9.8CVSS7AI score0.00209EPSS

CVE•added 2024/12/27 6:15 a.m.•601 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

7.5CVSS7.2AI score0.00543EPSS

CVE•added 2024/05/28 9:16 p.m.•116 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.

7.5CVSS6.7AI score0.11044EPSS

CVE•added 2024/04/19 4:15 p.m.•97 views

CVE-2024-22640

TCPDF version

7.5CVSS6.2AI score0.01324EPSS

CVE•added 2024/04/15 6:15 a.m.•85 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax.

6.1CVSS6.5AI score0.00232EPSS

CVE•added 2024/12/27 5:15 a.m.•71 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

7.5CVSS7AI score0.00095EPSS

CVE•added 2024/12/27 5:15 a.m.•68 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

7.5CVSS6.9AI score0.00126EPSS

CVE•added 2024/11/26 6:15 p.m.•53 views

CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.

6.2CVSS6.8AI score0.0008EPSS