What is CVE-2022-41343?

CVE-2022-41343 is a vulnerability in N/a. Published 2022-09-25.

Is CVE-2022-41343 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

EPSS: 0.540 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

BKreisel/CVE-2022-41343
ARPSyndicate/cvemon
Amodio/h5p_
BKreisel/CVE-2022-46169
20142995/nuclei-templates
fardeen-ahmed/Bug-bounty-Writeups
insecrez/Bug-bounty-Writeups
nomi-sec/PoC-in-GitHub
cyb3r-w0lf/nuclei-template-collection

References

github.com/dompdf/dompdf/issues/2994
github.com/dompdf/dompdf/pull/2995
github.com/dompdf/dompdf/releases/tag/v2.0.1
tantosec.com/blog/cve-2022-41343/

Frequently asked questions

What is CVE-2022-41343?: CVE-2022-41343 is a vulnerability in N/a. Published 2022-09-25.
Is CVE-2022-41343 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.