Search for packages
| purl | pkg:composer/dompdf/dompdf@1.0.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3y27-a2g7-vbff
Aliases: CVE-2021-3838 GHSA-577p-7j7h-2jgf |
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code. |
Affected by 3 other vulnerabilities. |
|
VCID-6uwe-wg7h-4uck
Aliases: CVE-2022-41343 GHSA-6x28-7h8c-chx4 |
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. |
Affected by 3 other vulnerabilities. |
|
VCID-9wzq-4yc6-17d4
Aliases: CVE-2023-50262 GHSA-3qx2-6f78-w2j2 |
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue. |
Affected by 1 other vulnerability. |
|
VCID-euye-hzm8-wkff
Aliases: CVE-2022-2400 GHSA-5qj8-6xxj-hp9h |
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
Affected by 3 other vulnerabilities. |
|
VCID-m27n-v4kb-9qe6
Aliases: CVE-2022-0085 GHSA-pf6p-25r2-fx45 |
Server-Side Request Forgery in dompdf/dompdf |
Affected by 3 other vulnerabilities. |
|
VCID-q3qe-kk8b-wqhn
Aliases: CVE-2022-28368 GHSA-x752-qjv4-c4hc |
Remote code injection in dompdf/dompdf |
Affected by 7 other vulnerabilities. |
|
VCID-tshn-sa2g-cbac
Aliases: CVE-2021-3902 GHSA-3vjh-xrhf-v9xh |
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks. |
Affected by 3 other vulnerabilities. |
|
VCID-wghv-pf4e-w3by
Aliases: GHSA-97m3-52wr-xvv2 GMS-2024-338 GMS-2024-341 |
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||