CVE-2024-51058 — Files or Directories Accessible to External Parties in Tcpdf

CWE-552 — Files or Directories Accessible to External Parties6 documents5 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 89.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tcpdf Project Tcpdf Tecnickcom Tcpdf

Timeline

PublishedNov 26

Description

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

▶Packagisttecnickcom/tcpdf< 6.7.6

▶Debiantcpdf_project/tcpdf< 6.3.5+dfsg1-1+deb11u1+3

▶NVDtcpdf_project/tcpdf6.7.5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

TCPDF Local File Inclusion vulnerability↗2024-11-26

▶

OSV

TCPDF Local File Inclusion vulnerability↗2024-11-26

▶

OSV

CVE-2024-51058: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6↗2024-11-26

▶

CVEList

CVE-2024-51058: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6↗2024-11-26

▶

📋Vendor Advisories

Debian

CVE-2024-51058: tcpdf - Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Thi...↗2024

▶