CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.

References

Affected packages

Debian:11 / tcpdf

Package

Name: tcpdf
Purl: pkg:deb/debian/tcpdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.5+dfsg1-1+deb11u1

Affected versions

6.*

6.3.5+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tcpdf

Package

Name: tcpdf
Purl: pkg:deb/debian/tcpdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.2+dfsg1-1+deb12u1

Affected versions

6.*

6.6.2+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tcpdf

Package

Name: tcpdf
Purl: pkg:deb/debian/tcpdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.7+dfsg-1

Affected versions

6.*

6.6.2+dfsg1-1

6.6.3+dfsg1-1

6.6.5+dfsg-1

6.7.4+dfsg-1

6.7.5+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tecnickcom/tcpdf

Affected ranges

Type: GIT
Repo: https://github.com/tecnickcom/tcpdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b

Affected versions

6.*

6.0.013

6.0.014

6.0.015

6.0.016

6.0.017

6.0.018

6.0.019

6.0.020

6.0.021

6.0.022

6.0.023

6.0.024

6.0.025

6.0.026

6.0.027

6.0.028

6.0.029

6.0.030

6.0.031

6.0.032

6.0.033

6.0.034

6.0.035

6.0.036

6.0.037

6.0.038

6.0.039

6.0.040

6.0.041

6.0.042

6.0.043

6.0.044

6.0.045

6.0.046

6.0.047

6.0.048

6.0.049

6.0.050

6.0.051

6.0.052

6.0.053

6.0.054

6.0.055

6.0.056

6.0.057

6.0.058

6.0.059

6.0.060

6.0.061

6.0.062

6.0.063

6.0.064

6.0.065

6.0.066

6.0.067

6.0.068

6.0.069

6.0.070

6.0.071

6.0.072

6.0.073

6.0.074

6.0.075

6.0.076

6.0.077

6.0.078

6.0.079

6.0.080

6.0.081

6.0.082

6.0.083

6.0.084

6.0.085

6.0.086

6.0.087

6.0.088

6.0.089

6.0.090

6.0.091

6.0.092

6.0.093

6.0.094

6.0.095

6.0.096

6.0.097

6.0.098

6.0.099

6.1.0

6.1.1

6.2.0

6.2.1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.16

6.2.17

6.2.19

6.2.2

6.2.20

6.2.21

6.2.22

6.2.23

6.2.25

6.2.26

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.3.0

6.3.1

6.3.2

6.3.3

6.3.4

6.3.5

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.5.0

6.6.0

6.6.1

6.6.2

6.7.4

6.7.5

Other

OLDv6