CVE-2024-22640: TCPDF vulnerable to Regular Expression Denial of Service
TCPDF versions 6.7.4 and earlier are vulnerable to ReDoS (Regular Expression Denial of Service) when parsing untrusted HTML that contains a crafted color value: the color string is matched with a regular expression that backtracks catastrophically, so a short, specially formed value can tie up the PHP process for an arbitrary time. Versions later than 6.7.4 contain the fix (see the TCPDF commit in the references below). Applications that feed user-supplied HTML to TCPDF should upgrade, and, as defence in depth, bound the length of any attribute value they pass through.
References
- github.com/advisories/GHSA-mx3p-fhpw-x6rv
- github.com/tecnickcom/TCPDF
- github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
- github.com/zunak/CVE-2024-22640
- lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
- nvd.nist.gov/vuln/detail/CVE-2024-22640