TCPDF icon indicating copy to clipboard operation
TCPDF copied to clipboard
verified publisher icon tecnickcom

CVE-2024-22641

Open mmuehlenhoff opened this issue 1 year ago • 9 comments

This appeared in the CVE feed, it doesn't seem like it was ever reported to you though? https://github.com/zunak/CVE-2024-22641

(From: https://www.cve.org/CVERecord?id=CVE-2024-22641)

mmuehlenhoff avatar May 29 '24 10:05 mmuehlenhoff

https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679

typo CVE in commit name

Ref: https://github.com/tecnickcom/TCPDF/pull/712

williamdes avatar May 29 '24 10:05 williamdes

Note, that there are two distinct reports:

https://github.com/zunak/CVE-2024-22641 and https://github.com/zunak/CVE-2024-22640

carnil avatar May 29 '24 20:05 carnil

Thank you @carnil What a mess, no upstream coordination

williamdes avatar Jun 01 '24 08:06 williamdes

Has CVE-2024-22641 been fixed too, or is it still pending?

rbro avatar Jun 28 '24 13:06 rbro

Still no new version for fixing this issue?

zolthan avatar Aug 07 '24 19:08 zolthan

Is there any update on this please? We're also seeing that Snyk still complains about this as being an open CVE: https://security.snyk.io/vuln/SNYK-PHP-TECNICKCOMTCPDF-7165692

glennmcewan avatar Oct 16 '24 11:10 glennmcewan

@nicolaasuni can you address this one before the next release ?

williamdes avatar Oct 26 '24 11:10 williamdes

This should be sorted now. Can you please verify?

nicolaasuni avatar Oct 26 '24 12:10 nicolaasuni

Ref https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5

williamdes avatar Oct 26 '24 18:10 williamdes