Dompdf_project Dompdf
12 CVEs affecting Dompdf_project Dompdf. Latest disclosed: 2024-11-15. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-24813 | Critical | 10.0 | 2023-02-07 | Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrar… |
| CVE-2023-23924 | Critical | 10.0 | 2023-02-01 | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This ma… |
| CVE-2021-3902 | Critical | 9.8 | 2024-11-15 | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserializatio… |
| CVE-2021-3838 | Critical | 9.8 | 2024-11-15 | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() func… |
| CVE-2022-28368 | Critical | 9.8 | 2022-04-03 | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input fi… |
| CVE-2014-5013 | High | 8.8 | 2020-01-10 | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. |
| CVE-2022-41343 | High | 7.5 | 2022-09-25 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demons… |
| CVE-2014-5012 | Medium | 6.5 | 2020-01-10 | DOMPDF before 0.6.2 allows denial of service. |
| CVE-2014-5011 | Medium | 6.5 | 2020-01-10 | DOMPDF before 0.6.2 allows Information Disclosure. |
| CVE-2023-50262 | Medium | 5.3 | 2023-12-13 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One… |
| CVE-2022-2400 | Medium | 5.3 | 2022-07-18 | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
| CVE-2022-0085 | Medium | 5.3 | 2022-06-28 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. |