tecnickcom/tcpdf (Packagist)

8 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting tecnickcom/tcpdf
- CVE-2018-17057 (CRITICAL, CVSS 9.8). Fixed in 6.2.22. 2018-09-14.
  Vulnerable: 6.0.013 ... 6.2.9 (108 versions)
  An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
- CVE-2024-22640 (HIGH, CVSS 7.5, EG 7.5). Fixed in 6.7.5. 2024-04-19.
  Vulnerable: 6.0.013 ... 6.7.4 (127 versions)
  TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) when parsing an untrusted HTML page with a crafted color.
- CVE-2024-32489 (MEDIUM, CVSS 6.1, EG 6.1). Fixed in 6.7.4. 2024-04-15.
  Vulnerable: 6.0.013 ... 6.6.2 (126 versions)
  TCPDF before 6.7.4 mishandles calls that use HTML syntax.
- CVE-2024-51058 (MEDIUM, CVSS 6.2, EG 6.2). Fixed in 6.7.6. 2024-11-26.
  Vulnerable: 6.0.013 ... 6.7.5 (128 versions)
  A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the <img> src attribute, potentially exposing sensitive information.
- CVE-2024-56519 (HIGH, CVSS 7.5, EG 7.5). Fixed in 6.8.0. 2024-12-27.
  Vulnerable: 6.0.013 ... 6.7.8 (131 versions)
  An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
- CVE-2024-56521 (CRITICAL, CVSS 9.8, EG 9.8). Fixed in 6.8.0. 2024-12-27.
  Vulnerable: 6.0.013 ... 6.7.8 (131 versions)
  An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
- CVE-2024-56522 (HIGH, CVSS 7.5, EG 7.5). Fixed in 6.8.0. 2024-12-27.
  Vulnerable: 6.0.013 ... 6.7.8 (131 versions)
  An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
- CVE-2024-56527 (HIGH, CVSS 7.5, EG 7.5). Fixed in 6.8.0. 2024-12-27.
  Vulnerable: 6.0.013 ... 6.7.8 (131 versions)
  An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.