CVE-2017-6100: Resource Exposure in Project Tcpdf

CWE-668 Resource Exposure | 6 documents | 6 sources
Severity
7.5 HIGH (NVD)
EPSS
0.3%
top 45.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 23
Latest update: May 13

Description

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: tcpdf_project/tcpdf < 6.2.12+dfsg2-1+3

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-xv34-wq27-w2wm: tcpdf before 6 | 2022-05-13
CVEList
CVE-2017-6100: tcpdf before 6 | 2017-02-23
OSV
CVE-2017-6100: tcpdf before 6 | 2017-02-23

💥 Exploits & PoCs

1
Exploit-DB
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow | 2020-01-08

📋 Vendor Advisories

1
Debian
CVE-2017-6100: tcpdf - tcpdf before 6.2.0 uploads files from the server generating PDF-files to an exte... | 2017
CVE-2017-6100 — Resource Exposure in Project Tcpdf | cvebase