Moderate severity · NVD Advisory · Published Apr 19, 2024 · Updated Nov 4, 2025
CVE-2024-22640
Description
TCPDF versions <=6.6.5 are vulnerable to ReDoS (Regular Expression Denial of Service) when parsing an untrusted HTML page with a crafted color.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tecnickcom/tcpdf (Packagist) | < 6.7.5 | 6.7.5 |
Affected products
- TCPDF/TCPDF
References
- github.com/advisories/GHSA-mx3p-fhpw-x6rv [ghsa, ADVISORY]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/ [mitre, vendor-advisory]
- nvd.nist.gov/vuln/detail/CVE-2024-22640 [ghsa, ADVISORY]
- github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 [ghsa, WEB]
- lists.debian.org/debian-lts-announce/2025/06/msg00004.html [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB [ghsa, WEB]