GHSA-w95c-7994-ghpr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w95c-7994-ghpr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w95c-7994-ghpr
- Aliases
- Published
- 2024-12-27T06:30:48Z
- Modified
- 2025-11-03T23:05:57.134796Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- TCPDF has incorrect comparison
- Details
-
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
- Database specific
{ "cwe_ids": [ "CWE-697", "CWE-843" ], "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2024-12-27T21:07:22Z", "nvd_published_at": "2024-12-27T05:15:08Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-56522
- https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
- https://github.com/tecnickcom/TCPDF
- https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
- https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- https://tcpdf.org
- https://www.php.net/manual/en/types.comparisons.php
Affected packages
Packagist / tecnickcom/tcpdf
Package
- Name
- tecnickcom/tcpdf
- Purl
- pkg:composer/tecnickcom/tcpdf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.0
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.25
6.2.26
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
6.6.1
6.6.2
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8