tecnickcom / TCPDF

Official clone of PHP library to generate PDF documents and barcodes
https://tcpdf.org

CVE-2024-22641 #724

Open mmuehlenhoff opened 4 months ago

mmuehlenhoff commented 4 months ago

This appeared in the CVE feed, it doesn't seem like it was ever reported to you though? https://github.com/zunak/CVE-2024-22641

(From: https://www.cve.org/CVERecord?id=CVE-2024-22641)

williamdes commented 4 months ago

https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679

typo CVE in commit name

Ref: https://github.com/tecnickcom/TCPDF/pull/712

carnil commented 4 months ago

Note that there are two distinct reports:

https://github.com/zunak/CVE-2024-22641 and https://github.com/zunak/CVE-2024-22640

williamdes commented 4 months ago

Thank you @carnil. What a mess, no upstream coordination.

rbro commented 3 months ago

Has CVE-2024-22641 been fixed too, or is it still pending?

zolthan commented 1 month ago

Still no new version for fixing this issue?