CVE-2024-56527
- EPSS 0.68%
- Published 27.12.2024 06:15:23
- Last modified 17.04.2025 02:17:42
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
CVE-2024-56522
- EPSS 0.17%
- Published 27.12.2024 05:15:08
- Last modified 17.04.2025 02:12:05
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
CVE-2024-56519
- EPSS 0.13%
- Published 27.12.2024 05:15:07
- Last modified 21.04.2025 15:24:52
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
CVE-2024-56521
- EPSS 0.23%
- Published 27.12.2024 05:15:07
- Last modified 21.04.2025 15:25:11
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
CVE-2024-51058
- EPSS 0.09%
- Published 26.11.2024 18:15:19
- Last modified 03.06.2025 14:21:08
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the <img> src tag, potentially exposing sensitive information.
CVE-2024-22641
- EPSS 11.04%
- Published 28.05.2024 21:16:29
- Last modified 21.05.2025 18:08:48
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
CVE-2024-22640
- EPSS 1.32%
- Published 19.04.2024 16:15:09
- Last modified 21.05.2025 18:09:01
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
CVE-2024-32489
- EPSS 0.16%
- Published 15.04.2024 06:15:11
- Last modified 21.05.2025 18:09:30
TCPDF before 6.7.4 mishandles calls that use HTML syntax.
CVE-2017-6100
- EPSS 0.31%
- Published 23.02.2017 19:59:00
- Last modified 20.04.2025 01:37:25
TCPDF before 6.2.0 uploads files from the server generating PDF files to an external FTP.