Skip to content

TCPDF has incorrect comparison

Moderate severity GitHub Reviewed Published Dec 27, 2024 to the GitHub Advisory Database • Updated Dec 27, 2024

Package

composer tecnickcom/tcpdf (Composer)

Affected versions

< 6.8.0

Patched versions

6.8.0

Description

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

References

Published by the National Vulnerability Database Dec 27, 2024
Published to the GitHub Advisory Database Dec 27, 2024
Reviewed Dec 27, 2024
Last updated Dec 27, 2024

Severity

Moderate

EPSS score

0.045%
(17th percentile)

Weaknesses

CVE ID

CVE-2024-56522

GHSA ID

GHSA-w95c-7994-ghpr

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.