OSVDB ID: 63551

Title: Tcpdf HTML Tag eval() Call Handling Arbitrary Command Execution

Info

Dates

Disclosure: Apr 02, 2010
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround, Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 4.9.006 or higher, which has been reported to fix this vulnerability. As a temporary workaround, disable the "K_TCPDF_CALLS_IN_HTML" configuration option.

Products

Unknown or Incomplete

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/63551