From 05f3a28f4a7905019469e040cf77e53d6aa7f679 Mon Sep 17 00:00:00 2001
From: Josh
Date: Sun, 21 Apr 2024 05:03:05 +1200
Subject: [PATCH] fix: CSV-2024-22640 (#712)

Add possessive quantifiers to the regex to prevent catastrophic backtracking.
---
 include/tcpdf_colors.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/tcpdf_colors.php b/include/tcpdf_colors.php
index 7f337f31..5a51594c 100644
--- a/include/tcpdf_colors.php
+++ b/include/tcpdf_colors.php
@@ -275,7 +275,7 @@ public static function convertHTMLColorToDec($hcolor, &$spotc, $defcol=array('R'
 $color = strtolower($color);
 // check for javascript color array syntax
 if (strpos($color, '[') !== false) {
- if (preg_match('/[\[][\"\'](t|g|rgb|cmyk)[\"\'][\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\]]/', $color, $m) > 0) {
+ if (preg_match('/[\[][\"\'](t|g|rgb|cmyk)[\"\'][\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\]]/', $color, $m) > 0) {
 $returncolor = array();
 switch ($m[1]) {
 case 'cmyk': {
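Review bot: The `*+` quantifiers on the new `preg_match` line are the entire fix, yet the only comment nearby is `// check for javascript color array syntax`, so a later regex tidy-up could turn them back into `*` and reintroduce the slowdown. I would add directly above the call: `// possessive (*+): a digit run with no closing ']' must not be re-split across the four groups (ReDoS)`. The four groups share one character class and are separated only by optional commas, so the set of matching strings and the captures in `$m` should be unchanged by the patch. The diffstat lists only `include/tcpdf_colors.php`, so a regression test that feeds a long digit run without the closing bracket and checks that the call returns promptly would be worth adding in the same change. `convertHTMLColorToDec` starts and ends outside this hunk, so whether `$color` is length-bounded before it reaches the regex is not visible here.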