Cyber Resilience

CVE-2022-30351

High

Published: 30 March 2023

Published
30 March 2023
Modified
18 February 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0026 49.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-30351 is a high-severity Improper Encoding or Escaping of Output (CWE-116) vulnerability in Pdfzorro Pdfzorro. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 49.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the…

more

PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

pdfzorro
pdfzorro
r20220428

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-116

Validating that output matches expected content directly mitigates failures to properly encode or escape data for its destination context.

References