7.5

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tcpdf ProjectTcpdf Version < 6.8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.453
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
Issue Tracking
https://tcpdf.org
Product
https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
Patch
https://www.php.net/manual/en/types.comparisons.php
Not Applicable
https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html