Advisories » MGASA-2024-0361

Updated php-tcpdf packages fix security vulnerability

Publication date: 12 Nov 2024
Modification date: 11 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22641

Description

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular
Expression Denial of Service) if parsing an untrusted SVG file.
(CVE-2024-22641)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33731
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGK7LQSJONZPU3VOQTQ36UN6OAD6ZM4H/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22641

SRPMS

9/core

• php-tcpdf-6.5.0-1.2.mga9