Tcpdf_project Tcpdf
9 CVEs affecting Tcpdf_project Tcpdf. Latest disclosed: 2024-12-27. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-56521 | Critical | 9.8 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. |
CVE-2024-56527 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. |
CVE-2024-56522 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF ta… |
CVE-2024-56519 | High | 7.5 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. |
CVE-2024-22641 | High | 7.5 | 2024-05-28 | TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. |
CVE-2024-22640 | High | 7.5 | 2024-04-19 | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. |
CVE-2017-6100 | High | 7.5 | 2017-02-23 | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. |
CVE-2024-51058 | Medium | 6.2 | 2024-11-26 | Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file s… |
CVE-2024-32489 | Medium | 6.1 | 2024-04-15 | TCPDF before 6.7.4 mishandles calls that use HTML syntax. |