Package details: pkg:composer/tecnickcom/tcpdf@6.7.4
purl pkg:composer/tecnickcom/tcpdf@6.7.4
Next non-vulnerable version 6.8.0
Latest non-vulnerable version 6.8.0
Risk 3.4
Vulnerabilities affecting this package (6)
VCID-6v88-kxad-43bm
Aliases: CVE-2024-22640, GHSA-mx3p-fhpw-x6rv
Summary: TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
Fixed by: 6.7.5 (affected by 5 other vulnerabilities)

VCID-9w5p-pk6t-pkeb
Aliases: CVE-2024-56521, GHSA-9mgx-552f-59p6
Summary: An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
Fixed by: 6.8.0 (affected by 0 other vulnerabilities)

VCID-h6xu-bxxs-4yb1
Aliases: CVE-2024-51058, GHSA-rmv2-8jjc-23xw
Summary: A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.
Fixed by: 6.7.6 (affected by 4 other vulnerabilities)

VCID-mfyb-t5sz-g7ed
Aliases: CVE-2024-56519, GHSA-4p8j-vhjm-6pvw
Summary: An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
Fixed by: 6.8.0 (affected by 0 other vulnerabilities)

VCID-s9np-7v18-suc7
Aliases: CVE-2024-56527, GHSA-qx95-cwh6-9mvq
Summary: An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
Fixed by: 6.8.0 (affected by 0 other vulnerabilities)

VCID-xsde-1m6b-j7ds
Aliases: CVE-2024-56522, GHSA-w95c-7994-ghpr
Summary: An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
Fixed by: 6.8.0 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (1)
VCID-2e9b-ns8q-rkcu
Aliases: CVE-2024-32489, GHSA-g9wg-98c2-qv3v
Summary: TCPDF before 6.7.4 mishandles calls that use HTML syntax.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:48:51.917012+00:00 GitLab Importer Affected by VCID-xsde-1m6b-j7ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56522.yml 38.6.0
2026-06-12T19:48:50.936910+00:00 GitLab Importer Affected by VCID-9w5p-pk6t-pkeb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56521.yml 38.6.0
2026-06-12T19:48:50.268862+00:00 GitLab Importer Affected by VCID-s9np-7v18-suc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56527.yml 38.6.0
2026-06-12T19:48:49.592868+00:00 GitLab Importer Affected by VCID-mfyb-t5sz-g7ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-56519.yml 38.6.0
2026-06-12T19:47:28.696587+00:00 GitLab Importer Affected by VCID-h6xu-bxxs-4yb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-51058.yml 38.6.0
2026-06-12T19:26:09.438035+00:00 GitLab Importer Affected by VCID-6v88-kxad-43bm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-22640.yml 38.6.0
2026-06-12T15:48:29.395166+00:00 GitLab Importer Fixing VCID-2e9b-ns8q-rkcu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tecnickcom/tcpdf/CVE-2024-32489.yml 38.6.0
2026-06-12T07:40:44.256816+00:00 GithubOSV Importer Fixing VCID-2e9b-ns8q-rkcu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-g9wg-98c2-qv3v/GHSA-g9wg-98c2-qv3v.json 38.6.0
2026-06-11T20:34:32.981305+00:00 GHSA Importer Affected by VCID-6v88-kxad-43bm https://github.com/advisories/GHSA-mx3p-fhpw-x6rv 38.6.0
2026-06-11T20:34:27.091600+00:00 GHSA Importer Fixing VCID-2e9b-ns8q-rkcu https://github.com/advisories/GHSA-g9wg-98c2-qv3v 38.6.0