High severityNVD Advisory· Published Dec 27, 2024· Updated Nov 3, 2025
CVE-2024-56522
CVE-2024-56522
Description
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tecnickcom/tcpdfPackagist | < 6.8.0 | 6.8.0 |
Affected products
2- tecnick/tcpdfv5Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-w95c-7994-ghprghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-56522ghsaADVISORY
- github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89ghsaWEB
- github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0ghsaWEB
- lists.debian.org/debian-lts-announce/2025/06/msg00004.htmlghsaWEB
- tcpdf.orgghsaWEB
- www.php.net/manual/en/types.comparisons.phpghsaWEB
News mentions
0No linked articles in our index yet.