CVE-2024-56522: TCPDF has incorrect comparison
(updated )
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
References
- github.com/advisories/GHSA-w95c-7994-ghpr
- github.com/tecnickcom/TCPDF
- github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
- github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
- lists.debian.org/debian-lts-announce/2025/06/msg00004.html
- nvd.nist.gov/vuln/detail/CVE-2024-56522
- tcpdf.org/
- www.php.net/manual/en/types.comparisons.php
Code Behaviors & Features
Detect and mitigate CVE-2024-56522 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →