GHSA-mx3p-fhpw-x6rv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mx3p-fhpw-x6rv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mx3p-fhpw-x6rv/GHSA-mx3p-fhpw-x6rv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mx3p-fhpw-x6rv
- Aliases
- Published
- 2024-04-19T18:31:11Z
- Modified
- 2025-11-04T20:44:01.330473Z
- Severity
-
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- TCPDF vulnerable to Regular Expression Denial of Service
- Details
-
TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-1333" ], "nvd_published_at": "2024-04-19T16:15:09Z", "github_reviewed_at": "2024-04-19T19:49:13Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-22640
- https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
- https://github.com/tecnickcom/TCPDF
- https://github.com/zunak/CVE-2024-22640
- https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
Affected packages
Packagist / tecnickcom/tcpdf
Package
- Name
- tecnickcom/tcpdf
- Purl
- pkg:composer/tecnickcom/tcpdf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.5
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.25
6.2.26
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
6.6.1
6.6.2
6.7.4