Search CVE reports
1 – 10 of 13 results
CVE-2023-50262
Medium priorityDompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself....
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3902
Medium priority[Unknown description]
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3838
Medium prioritySome fixes available 4 of 5
[Unknown description]
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-24813
High priorityDompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of...
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-23924
Medium priorityDompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar`...
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-41343
Medium priorityregisterFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-2400
Medium prioritySome fixes available 4 of 21
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
3 affected packages
civicrm, icingaweb2, php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| icingaweb2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| php-dompdf | Not in release | Fixed | Fixed | Fixed | Fixed |
CVE-2022-0085
Medium priorityServer-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-28368
Medium priorityDompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Not affected |
CVE-2014-5013
Medium prioritySome fixes available 1 of 5
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
1 affected packages
php-dompdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-dompdf | — | Not affected | Not affected | Not affected | Fixed |