PT-2024-19517 · Tcpdf+2 · Tcpdf+2

Zunak · Published 2024-05-28 · Updated 2025-08-21 · CVE-2024-22641

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

TCPDF versions 6.6.5 and earlier

Description

The issue arises when parsing an untrusted SVG file, leading to a ReDoS (Regular Expression Denial of Service) condition. This occurs due to the inefficient handling of regular expressions within the TCPDF library, specifically when it encounters maliciously crafted SVG files. The ReDoS condition can cause the application to consume excessive resources, resulting in a denial-of-service state.

Recommendations

For TCPDF versions 6.6.5 and earlier, consider updating to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-10861
CVE-2024-22641
DLA-4199-1
DSA-5933-1
MGASA-2024-0361

Affected Products

Debian
Red Os
Tcpdf