CVE-2024-56522

Published: Dec 27, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

Vendor	Product	Versions
tecnick	tcpdf	affected `0 - < 6.8.0`

References

https://tcpdf.org

https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0

https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89

https://www.php.net/manual/en/types.comparisons.php

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-56522

Description

Affected Products

References