Dompdf_project Dompdf

12 CVEs affecting Dompdf_project Dompdf. Latest disclosed: 2024-11-15. Critical: 5, High: 2.

Top CVEs affecting Dompdf_project Dompdf
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-24813 | Critical | 10.0 | 2023-02-07 | Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrar… |
| CVE-2023-23924 | Critical | 10.0 | 2023-02-01 | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This ma… |
| CVE-2021-3902 | Critical | 9.8 | 2024-11-15 | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserializatio… |
| CVE-2021-3838 | Critical | 9.8 | 2024-11-15 | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() func… |
| CVE-2022-28368 | Critical | 9.8 | 2022-04-03 | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input fi… |
| CVE-2014-5013 | High | 8.8 | 2020-01-10 | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. |
| CVE-2022-41343 | High | 7.5 | 2022-09-25 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demons… |
| CVE-2014-5012 | Medium | 6.5 | 2020-01-10 | DOMPDF before 0.6.2 allows denial of service. |
| CVE-2014-5011 | Medium | 6.5 | 2020-01-10 | DOMPDF before 0.6.2 allows Information Disclosure. |
| CVE-2023-50262 | Medium | 5.3 | 2023-12-13 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One… |
| CVE-2022-2400 | Medium | 5.3 | 2022-07-18 | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
| CVE-2022-0085 | Medium | 5.3 | 2022-06-28 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. |