CVE-2018-17057
- Source
- https://cve.org/CVERecord?id=CVE-2018-17057
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17057.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-17057
- Aliases
- Downstream
- Published
- 2018-09-14T20:29:00.540Z
- Modified
- 2026-03-13T16:00:44.813790Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
- References
-
- http://seclists.org/fulldisclosure/2019/Mar/36
- https://contao.org/en/news/security-vulnerability-cve-2018-17057.html
- https://www.exploit-db.com/exploits/46634/
- http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
- https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5
- https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed
- http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
Affected packages
Git / github.com/limesurvey/limesurvey
Affected ranges
- Type
- Repo
- https://github.com/limesurvey/limesurvey
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1cdd78d27697b3150bb44aaa7af1a81062a591a5
- Type
- GIT
- Repo
- https://github.com/tecnickcom/TCPDF
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "6.2.22" } ] }
- Type
- Repo
- https://github.com/tecnickcom/tcpdf
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1861e33fe05f653b67d070f7c106463e7a5c26ed
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.2
6.2.20
6.2.21
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
Other
OLDv6