Information disclosure in Dompdf

CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by…

Vulnerability class: Information Disclosure

EPSS: 0.549 (98.1th percentile)

Frequently asked questions

What is CVE-2014-2383?
CVE-2014-2383 is a vulnerability in Dompdf, classified under Information Disclosure. It was published on 2014-04-28.

Is CVE-2014-2383 known to be exploited?
9 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.