TCPDF vulnerable to Regular Expression Denial of Service · CVE-2024-22640 · GitHub Advisory Database · GitHub

TCPDF vulnerable to Regular Expression Denial of Service

Moderate severity GitHub Reviewed Published Apr 19, 2024 to the GitHub Advisory Database • Updated May 2, 2024

Package

tecnickcom/tcpdf (Composer)

Affected versions

<= 6.7.4

Patched versions

None

Description

TCPDF version <=6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

References

Published by the National Vulnerability Database

Apr 19, 2024

Published to the GitHub Advisory Database Apr 19, 2024

Reviewed Apr 19, 2024

Last updated May 2, 2024