tcpdf_project tcpdf の CVE（9 件）

CVE 件数: 9 CPE versions: View versions table

概要

本ページは tcpdf_project tcpdf に影響する公開済み CVE（NVD の CPE 経由で関連付け）を列挙します。各行に深刻度指標・概要・公開日が含まれます。

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2024-56527	An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.	[email protected]	7.5	0.47%	2024-12-27	2025-11-03
CVE-2024-56522	An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.	[email protected]	7.5	0.15%	2024-12-27	2025-11-03
CVE-2024-56521	An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.	[email protected]	9.8	0.25%	2024-12-27	2025-04-21
CVE-2024-56519	An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.	[email protected]	7.5	0.17%	2024-12-27	2025-11-03
CVE-2024-51058	Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.	[email protected]	6.2	0.03%	2024-11-26	2025-11-03
CVE-2024-22641	TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.	[email protected]	7.5	8.99%	2024-05-28	2025-11-03
CVE-2024-22640	TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.	[email protected]	7.5	1.55%	2024-04-19	2025-11-04
CVE-2024-32489	TCPDF before 6.7.4 mishandles calls that use HTML syntax.	[email protected]	6.1	0.21%	2024-04-15	2025-11-03
CVE-2017-6100	tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.	[email protected]	7.5	0.31%	2017-02-23	2026-05-13

cvelogic Threat Intelligence