PT-2024-19516 · Tcpdf +2
Zunak
Published: 2024-04-19 · Updated: 2025-08-21
CVE-2024-22640

| CVSS v2.0 | 7.8 (High) |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
TCPDF versions <= 6.6.5
Description
TCPDF is vulnerable to ReDoS (Regular Expression Denial of Service) when it parses an untrusted HTML page containing a crafted color value: the color string is matched by a regular expression that takes excessive time on such input, which can lead to a denial of service.
Recommendations
For TCPDF versions <= 6.6.5, as a temporary workaround, avoid parsing untrusted HTML pages until a patch is available, and restrict access to the HTML parsing functionality to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit: DoS
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Red Os
Tcpdf