Tecnickcom/tcpdf
This hub aggregates every CVE we track for Tecnickcom/tcpdf, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 2
- High: 4
- In CISA KEV: 0
Severity distribution
- High: 4
- Medium: 2
- Critical: 2
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 8 most recently published vulnerabilities affecting Tecnickcom/tcpdf.
- CVE-2024-56519 (score 7.5): An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
- CVE-2024-56521 (score 9.8): An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
- CVE-2024-56522 (score 7.5): An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
- CVE-2024-56527 (score 7.5): An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
- CVE-2024-51058 (score 6.2): Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potential...
- CVE-2024-22640 (score 7.5): TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
- CVE-2024-32489 (score 6.1): TCPDF before 6.7.4 mishandles calls that use HTML syntax.
- CVE-2018-17057 (score 9.8): An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Product normalization is registry-driven with AI assist and human review.