AIKIDO-2024-10348

fooman/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS)

Medium

fooman/tcpdf php

AIKIDO-2024-10348: fooman/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 2.0.0 - 6.7.4.

Regular Expression Denial of Service (ReDoS)

Vuln in 2.0.0 - 6.7.4

Fixed in 6.7.5

CSV-2024-22640

TL;DR

Affected versions of the package are vulnerable to Regular Expression Denial of Service (ReDoS) when a malicious color value is passed to the convertHTMLColorToDec() function.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade fooman/tcpdf library to patch version.

Background info

Link to vendor website

🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium

🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US

AIKIDO-2024-10348

fooman/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS)

fooman/tcpdf php

AIKIDO-2024-10348: fooman/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 2.0.0 - 6.7.4.

Don’t be left in the dark