Search for packages
| purl | pkg:composer/dompdf/dompdf@2.0.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6uwe-wg7h-4uck
Aliases: CVE-2022-41343 GHSA-6x28-7h8c-chx4 |
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. |
Affected by 3 other vulnerabilities. |
|
VCID-9wzq-4yc6-17d4
Aliases: CVE-2023-50262 GHSA-3qx2-6f78-w2j2 |
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue. |
Affected by 1 other vulnerability. |
|
VCID-wghv-pf4e-w3by
Aliases: GHSA-97m3-52wr-xvv2 GMS-2024-338 GMS-2024-341 |
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3y27-a2g7-vbff | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code. |
CVE-2021-3838
GHSA-577p-7j7h-2jgf |
| VCID-euye-hzm8-wkff | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
CVE-2022-2400
GHSA-5qj8-6xxj-hp9h |
| VCID-m27n-v4kb-9qe6 | Server-Side Request Forgery in dompdf/dompdf |
CVE-2022-0085
GHSA-pf6p-25r2-fx45 |
| VCID-tshn-sa2g-cbac | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks. |
CVE-2021-3902
GHSA-3vjh-xrhf-v9xh |