CVE-2018-17057
- Source
- https://cve.org/CVERecord?id=CVE-2018-17057
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17057.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-17057
- Aliases
- Downstream
- Published
- 2018-09-14T20:29:00.540Z
- Modified
- 2026-05-18T12:01:14.418944967Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "fixed": "3.16.0" } ], "vendor_product": "limesurvey:limesurvey" }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:tecnick:tcpdf:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "fixed": "6.2.22" } ], "vendor_product": "tecnick:tcpdf" }, { "source": "DESCRIPTION", "extracted_events": [ { "fixed": "6.2.22" } ] } ] }- References
-
- http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/Mar/36
- https://contao.org/en/news/security-vulnerability-cve-2018-17057.html
- https://www.exploit-db.com/exploits/46634/
- https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5
- https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed
- http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
Affected packages
Git / github.com/limesurvey/limesurvey
Affected versions
1.*
1.45a
1.45a_2007-02-24
1.50_2007-08-06
1.70_2008-02-25
1.70_plus_2008-03-09
1.70_plus_2008-03-16
1.70_plus_2008-03-17
1.70_plus_2008-03-30
1.70_plus_2008-04-07
1.70_plus_2008-04-14
1.70_plus_2008-04-21
1.70_plus_2008-04-28
1.70_plus_2008-05-05
1.70_plus_2008-05-12
1.70_plus_2008-05-19
1.70_plus_2008-05-21
1.70_plus_2008-05-26
1.71_plus_2008-06-12
1.71_plus_2008-06-17
1.71_plus_2008-06-30
1.71_plus_2008-07-07
1.71_plus_2008-07-15
1.71_plus_2008-07-30
1.71_plus_2008-08-05
1.71_plus_2008-08-15
1.71_plus_2008-08-27
1.71_plus_2008-09-01
1.71_plus_2008-09-08
1.71_plus_2008-09-15
1.71_plus_2008-09-22
1.71_plus_2008-09-29
1.72_2008-10-07
1.80_2009-03-09
1.80_plus_2009-03-23
1.80_plus_2009-03-30
1.80_plus_2009-04-06
1.81_2009-04-10
1.81_plus_2009-04-16
1.81_plus_2009-04-20
1.82_2009-04-29
1.82_plus_2009-05-04
1.82_plus_2009-05-11
1.85_2009-06-15
1.85_plus_2009-06-22
1.85_plus_2009-06-29
1.85_plus_2009-07-08
1.85_plus_2009-07-20
1.85_plus_2009-08-03
1.85_plus_2009-08-10
1.85_plus_2009-08-12
1.85_plus_2009-08-19
1.85_plus_2009-08-24
1.85_plus_2009-08-31
1.85_plus_2009-09-07
1.85_plus_2009-09-15
1.85_plus_2009-09-21
1.85_plus_2009-09-28
1.86_2009-09-30
1.87_2009-12-29
1.87_plus_2010-01-05
1.87_plus_2010-01-12
1.87_plus_2010-01-19
1.87_plus_2010-01-26
1.87_plus_2010-02-02
1.87_plus_2010-02-09
1.87_plus_2010-02-11
1.87_plus_2010-02-16
1.87_plus_2010-02-23
1.87_plus_2010-03-02
1.87_plus_2010-03-09
1.87_plus_2010-03-18
1.87_plus_2010-03-23
1.90_plus_2010-08-10
1.90_plus_2010-08-17
1.90_plus_2010-08-24
1.90_plus_2010-09-07
1.90_plus_2010-09-14
1.90_plus_2010-09-29
1.90_plus_2010-10-05
1.90_plus_2010-10-12
1.90_plus_2010-10-13
1.90_plus_2010-10-19
1.90_plus_2010-10-20
1.90_plus_2010-10-23
1.90_plus_2010-10-26
1.90_plus_2010-11-03
1.90_plus_2010-11-09
1.90_plus_2010-11-16
1.90_plus_2010-11-23
1.90_plus_2010-11-30
1.90_plus_2010-12-07
1.90_plus_2010-12-14
1.90_plus_2011-01-25
1.91RC3
1.91_2011-05-03
1.91_plus_10232
1.91_plus_10315
1.91_plus_2011-05-10
1.91_plus_2011-05-12
1.91_plus_2011-05-17
1.91_plus_2011-05-25
1.91_plus_2011-06-01
1.91_plus_2011-06-05
1.91_plus_2011-06-08
1.91_plus_2011-06-15
1.91_plus_2011-06-21
1.91_plus_2011-06-29
1.91_plus_2011-07-08
1.91_plus_2011-07-11
1.91_plus_2011-07-12
1.91_plus_2011-07-22
1.91_plus_2011-07-28
1.91_plus_2011-08-03
1.91_plus_2011-08-05
1.91_plus_2011-08-10
1.91_plus_2011-08-11
1.91_plus_2011-08-16
1.91_plus_2011-08-26
1.91_plus_2011-09-06
1.91_plus_2011-09-20
1.91_plus_2011-09-21
1.91_plus_2011-10-05
1.91_plus_2011-10-14
1.91_plus_2011-10-20
1.91_plus_2011-10-21
1.91_plus_2011-11-08
1.91_plus_2011-11-16
1.91_plus_2011-12-30
1.91_plus_2012-01-23
1.92_plus_120319
1.92_plus_120323
1.92_plus_120330
1.92_plus_120405
1.92_plus_120501
1.92_plus_120509
1.92_plus_120516
1.92_plus_120517
1.92_plus_120607
1.92_plus_120608
1.92_plus_120613
1.92_plus_120620
1.92_plus_120718
1.92_plus_120725
1.92_plus_120815
1.92_plus_120822
1.92_plus_120909
1.92_plus_120919
2.*
2.00_120920
2.00_120926
2.00_plus_120924
2.00_plus_120926
2.00_plus_120930
2.00_plus_120931
2.00_plus_121005
2.00_plus_121006
2.00_plus_121009
2.00_plus_121011
2.00_plus_121013
2.00_plus_121014
2.00_plus_121016
2.00_plus_121017
2.00_plus_121019
2.00_plus_121024
2.00_plus_121025
2.00_plus_121101
2.00_plus_121102
2.00_plus_121104
2.00_plus_121106
2.00_plus_121113
2.00_plus_121115
2.00_plus_121116
2.00_plus_121117
2.00_plus_121120
2.00_plus_121121
2.00_plus_121127
2.00_plus_121207
2.00_plus_121208
2.00_plus_121209
2.00_plus_121211
2.00_plus_121213
2.00_plus_121220
2.00_plus_121231
2.00_plus_130103
2.00_plus_130108
2.00_plus_130110
2.00_plus_130115
2.00_plus_130116
2.00_plus_130122
2.00_plus_130206
2.00_plus_130213
2.00_plus_130219
2.00_plus_130226
2.00_plus_130305
2.00_plus_130311
2.00_plus_130317
2.00_plus_130325
2.00_plus_130406
2.00_plus_130423
2.00_plus_130428
2.00_plus_130513
2.00_plus_130514
2.00_plus_130611
2.00_plus_130708
2.00_plus_130802
2.00_plus_130913
2.00_plus_130923
2.00_plus_130929
2.00_plus_131009
2.00_plus_131022
2.00_plus_131031
2.00_plus_131107
2.00_plus_131122
2.00_plus_131202
2.00_plus_131206
2.05_131209
2.05_plus_131219
2.05_plus_140109
2.05_plus_140116
2.05_plus_140125
2.05_plus_140131
2.05_plus_140204
2.05_plus_140212
2.05_plus_140216
2.05_plus_140217
2.05_plus_140226
2.05_plus_140317
2.05_plus_140320
2.05_plus_140404
2.05_plus_140414
2.05_plus_140422
2.05_plus_140502
2.05_plus_140520
2.05_plus_140611
2.05_plus_140612
2.05_plus_140618
2.05_plus_140703
2.05_plus_140717
2.05_plus_140730
2.05_plus_140811
2.05_plus_140902
2.05_plus_140911
2.05_plus_140915
2.05_plus_141003
2.05_plus_141020
2.05_plus_141109
2.05_plus_141110
2.05_plus_141113
2.05_plus_141123
2.05_plus_141126
2.05_plus_141210
2.05_plus_141229
2.05_plus_150310
2.05_plus_150413
2.05_plus_150508
2.05_plus_150520
2.06_plus_150619
2.06_plus_150629
2.06_plus_150723
2.06_plus_150731
2.06_plus_150812
2.06_plus_150825
2.06_plus_150911
2.06_plus_150930
2.06_plus_151014
2.06_plus_151016
2.06_plus_151018
2.06_plus_151109
2.06_plus_151126
2.06_plus_151205
2.06_plus_151215
2.06_plus_160121
2.06_plus_160123
2.06_plus_160129
2.50_plus_160202
2.50_plus_160204
2.50_plus_160210
2.50_plus_160212
2.50_plus_160213
2.50_plus_160215
2.50_plus_160216
2.50_plus_160217
2.50_plus_160218
2.50_plus_160222
2.50_plus_160310
2.50_plus_160311
2.50_plus_160314
2.50_plus_160323
2.50_plus_160330
2.50_plus_160404
2.50_plus_160407
2.50_plus_160412
2.50_plus_160413
2.50_plus_160414
2.50_plus_160415
2.50_plus_160418
2.50_plus_160421
2.50_plus_160426
2.50_plus_160428
2.50_plus_160506
2.50_plus_160512
2.50_plus_160516
2.50_plus_160517
2.50_plus_160523
2.50_plus_160525
2.50_plus_160526
2.50_plus_160529
2.50_plus_160602
2.50_plus_160603
2.50_plus_160606
2.50_plus_160613
2.50_plus_160616
2.50_plus_160620
2.50_plus_160714
2.50_plus_160715
2.50_plus_160718
2.50_plus_160726
2.50_plus_160727
2.50_plus_160728
2.50_plus_160731
2.51.1_160901
2.51.2_160906
2.51.3_160907
2.51.4+160908
2.51.4_160908
2.52+160929
2.54+161007
2.54.1+161010
2.54.2+161012
2.54.3+161014
2.54.4+161018
2.55+161021
2.55.1+161026
2.55.2+161103
2.55.3+161111
2.56+161117
2.56.1+161118
2.57.0+161202
2.57.1+161205
2.58.0+170104
2.58.1+170113
2.58.2+170114
2.59.0+170115
2.59.1+170116
2.62.0+170124
2.62.1+170130
2.62.2+170203
2.63.1+170305
2.64.0+170307
2.64.1+170310
2.64.2+170324
2.64.3+170327
2.64.4+170330
2.64.5+170331
2.64.6+170332
2.64.7+170404
2.65.0+170502
2.65.0+170522
2.65.1+170522
2.65.2+170606
2.65.4+170612
2.66.6+170619
2.67.0+170622
2.67.1+170626
2.67.2+170719
2.67.2+170728
2.67.3+170728
2.71.0+170925
2.71.1+170927
2.72.0+171010
2.72.2+171017
2.72.3+171020
2.72.4+171110
2.72.5+171121
2.72.6+171207
2.73.0+171219
2.91_plus_10315
3.*
3.0.0+171222
3.0.2+180110
3.0.3+180112
3.0.4+180116
3.0.5+180118
3.1.0
3.1.1+180130
3.10.0+180611
3.11.0+180612
3.12.0+180615
3.12.1+180616
3.12.2+180625
3.12.3+180627
3.13.0+180628
3.13.1+180629
3.13.2+180709
3.14.0+180730
3.14.1+180731
3.14.10+180924
3.14.10+180926
3.14.11+180926
3.14.2+180807
3.14.4+180810
3.14.5+180815
3.14.6+180821
3.14.7+180827
3.14.8+180829
3.14.9+180917
3.15.0+181008
3.15.1+181017
3.15.2+181107
3.15.3+181108
3.15.4+181109
3.15.5+181115
3.15.6+190108
3.15.7+190124
3.15.8+190130
3.15.9+190214
3.16.1+190225
3.16.1+190314
3.2.0+180206
3.2.1+180207
3.3.0+180209
3.3.1
3.4.0+180219
3.4.1+180221
3.4.2+180223
3.4.3+180227
3.4.4+180305
3.5.0+180309
3.5.1+180312
3.5.2+180315
3.5.3+180316
3.5.4+180320
3.6.0+180328
3.6.1+180329
3.6.2+180406
3.6.3+180416
3.7.0+180418
3.7.1+180424
3.7.2+180508
3.7.3+180516
3.8.0+180522
3.8.1+180524
3.8.2+180529
3.9.0+180604
Git / github.com/tecnickcom/tcpdf
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
Other
OLDv6