CVE-2024-51058: TCPDF Local File Inclusion vulnerability
(updated )
Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server’s file system through src tag, potentially exposing sensitive information.
References
- github.com/advisories/GHSA-rmv2-8jjc-23xw
- github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058
- github.com/tecnickcom/TCPDF
- github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
- lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- nvd.nist.gov/vuln/detail/CVE-2024-51058
Code Behaviors & Features
Detect and mitigate CVE-2024-51058 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →