Advisories » MGASA-2024-0169

Updated php-tcpdf packages fix security vulnerability

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22640

Description

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial
of Service) if parsing an untrusted HTML page with a crafted color.
(CVE-2024-22640)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33173
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640

SRPMS

9/core

• php-tcpdf-6.5.0-1.1.mga9