PT-2023-13007 · Pdfzorro+1
Published 2023-03-30 · Updated 2023-04-10
CVE-2022-30351
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PDFZorro PDFZorro Online version r20220428
TCPDF version 6.2.5
Description
The issue arises from the improper sanitization of redacted information in PDF files. Despite claims of correctly removing redacted data, the software fails to do so in all cases, leading to the unintentional leakage of redacted information, including images and text. When PDF text objects are present, it is possible to copy-paste redacted information into the system clipboard. Once a document is locked and marked for redaction, all subsequent redactions are vulnerable.
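As an added check (example code, written for this entry, not taken from PDFZorro, TCPDF or the advisory authors), the script below inflates a PDF's content streams and reports any string literals still inside text objects, which is what a clipboard copy of an overlay-redacted page would yield; it also flags the tell-tale pattern of a filled rectangle painted after a text object. The sample PDF is constructed inline and only handles literal `(...)` strings, not hex strings.

```python
import re
import zlib

# Constructed content stream: draws "ACCOUNT 1234-5678" and then paints a black
# rectangle over it. The box hides the text visually, but the text object
# (BT ... ET) stays in the file, which is the failure the advisory describes.
LEAKY_CONTENT = (
    b"BT /F1 12 Tf 100 700 Td (ACCOUNT 1234-5678) Tj ET\n"
    b"0 0 0 rg 95 695 150 20 re f\n"
)

def build_sample_pdf(content: bytes) -> bytes:
    """Wrap a content stream in a minimal one-page PDF (FlateDecode, like real files)."""
    stream = zlib.compress(content)
    header = (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    )
    stream_obj = b"4 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream)
    return header + stream_obj + stream + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

SAMPLE_PDF = build_sample_pdf(LEAKY_CONTENT)

_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
_TEXT_OBJ_RE = re.compile(rb"\bBT\b(.*?)\bET\b", re.DOTALL)
_STRING_RE = re.compile(rb"\((.*?)(?<!\\)\)")        # (...) string literals
_FILL_RECT_RE = re.compile(rb"\bre\s+f\*?(?=\s|$)")   # rectangle followed by fill

def content_streams(pdf: bytes):
    """Yield every stream body, inflating FlateDecode streams where possible."""
    for m in _STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            yield m.group(1)  # uncompressed stream, use as-is

def leftover_text(pdf: bytes) -> list[str]:
    """String literals still present inside text objects of a 'redacted' PDF."""
    found = []
    for stream in content_streams(pdf):
        for obj in _TEXT_OBJ_RE.finditer(stream):
            found += [s.decode("latin-1") for s in _STRING_RE.findall(obj.group(1))]
    return found

def overlay_only_redaction(pdf: bytes) -> bool:
    """True if a filled rectangle is painted after a text object in the same stream."""
    for stream in content_streams(pdf):
        ends = [m.end() for m in _TEXT_OBJ_RE.finditer(stream)]
        if ends and _FILL_RECT_RE.search(stream, ends[-1]):
            return True
    return False
```

A properly redacted file removes the text object itself, so `leftover_text` returns an empty list for it.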
Recommendations
For PDFZorro PDFZorro Online version r20220428, consider disabling the redaction feature until a patch is available to prevent further leakage of sensitive information.
For TCPDF version 6.2.5, restrict the use of PDF text objects to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness
Improper Encoding or Escaping of Output
Affected Products
Pdfzorro
Tcpdf