Improper input validation in Dompdf

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.015 (70.4th percentile).

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Frequently asked questions

What is CVE-2023-50262?
CVE-2023-50262 is a medium-severity vulnerability in Dompdf, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2023-12-13.

How severe is CVE-2023-50262?
Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2023-50262 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.