Description
TCPDF versions 6.6.5 and earlier are vulnerable to ReDoS (Regular Expression Denial of Service) when parsing an untrusted SVG file.
Exploits (1)
Scores
CVSS v3: 7.5
EPSS: 0.0899
EPSS Percentile: 92.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-434
Status: published
Products (1): tcpdf_project/tcpdf < 6.7.4
Published: May 28, 2024
Tracked Since: Feb 18, 2026