CPE Details
Tcpdf Project Tcpdf 6.7.4
6.7.4
2025-04-17
15h44 +00:00
15h44 +00:00
2025-04-17
15h44 +00:00
15h44 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:tcpdf_project:tcpdf:6.7.4:*:*:*:*:*:*:*
Informations
Vendor
tcpdf_projectProduct
tcpdfVersion
6.7.4Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | 9.8 |
Critique |
||
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | 7.5 |
Haute |
||
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | 7.5 |
Haute |
||
| An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | 7.5 |
Haute |
||
| TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | 7.5 |
Haute |
||
| TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | 7.5 |
Haute |
