CVE-2024-22640

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

CVSS

No CVSS.

References

Link	Resource
https://github.com/tecnickcom/TCPDF
https://github.com/zunak/CVE-2024-22640
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/

Configurations

No configuration.

History

02 May 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/ -
Summary		(es) La versión de TCPDF <= 6.6.5 es vulnerable a ReDoS (denegación de servicio de expresión regular) si se analiza una página HTML que no es de confianza con un color manipulado.

19 Apr 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-19 16:15

Updated : 2024-05-02 03:15

NVD link : CVE-2024-22640

Mitre link : CVE-2024-22640

CVE.ORG link : CVE-2024-22640

JSON object : View

Products Affected

No product.

CWE

No CWE.