CVE-2017-6100
published 2017-02-23CVE-2017-6100: tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
PriorityP338high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
1.46%
70.3th percentile
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tcpdf | < tcpdf 6.2.12+dfsg2-1 (bookworm) | tcpdf 6.2.12+dfsg2-1 (bookworm) |
| tcpdf_project | tcpdf | <= 6.1.1 | — |
| tcpdf_project | tcpdf | >= 0 < 6.2.12+dfsg2-1 | 6.2.12+dfsg2-1 |
| tcpdf_project | tcpdf | >= 0 < 6.2.12+dfsg2-1 | 6.2.12+dfsg2-1 |
| tcpdf_project | tcpdf | >= 0 < 6.2.12+dfsg2-1 | 6.2.12+dfsg2-1 |
| tcpdf_project | tcpdf | >= 0 < 6.2.12+dfsg2-1 | 6.2.12+dfsg2-1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2017-6100: tcpdf - tcpdf before 6.2.0 uploads files from the server generating PDF-files to an exte...
vendor_debian·2017·CVSS 7.5
CVE-2017-6100 [HIGH] CVE-2017-6100: tcpdf - tcpdf before 6.2.0 uploads files from the server generating PDF-files to an exte...
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
Scope: local
bookworm: resolved (fixed in 6.2.12+dfsg2-1)
bullseye: resolved (fixed in 6.2.12+dfsg2-1)
forky: resolved (fixed in 6.2.12+dfsg2-1)
sid: resolved (fixed in 6.2.12+dfsg2-1)
trixie: resolved (fixed in 6.2.12+dfsg2-1)
GHSA
GHSA-xv34-wq27-w2wm: tcpdf before 6
ghsa_unreviewed·2022-05-13
CVE-2017-6100 [HIGH] CWE-668 GHSA-xv34-wq27-w2wm: tcpdf before 6
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
OSV
CVE-2017-6100: tcpdf before 6
osv·2017-02-23·CVSS 7.5
CVE-2017-6100 [HIGH] CVE-2017-6100: tcpdf before 6
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
No detection rules found.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2017/02/19/1https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030https://sourceforge.net/p/tcpdf/bugs/1005/http://www.openwall.com/lists/oss-security/2017/02/19/1https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030https://sourceforge.net/p/tcpdf/bugs/1005/
2017-02-23
Published