CVE-2024-56522 Information

Description

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

Reference

https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89 https://github.com/tecnickcom/TCPDF/compare/6.7.8…6.8.0 https://tcpdf.org https://www.php.net/manual/en/types.comparisons.php