dompdf project dompdf

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version.

CVE-2021-3902
< 2.0.0
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forg
9.8 CRITICAL

CVE-2021-3838
< 2.0.0
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into
9.8 CRITICAL

CVE-2024-25117
< 0.5.2
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to valid
6.8 MEDIUM

CVE-2023-50262
<= 2.0.3
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths wit
5.3 MEDIUM

CVE-2023-50252
< 0.5.1
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling <use> tag that references an `<ima
8.3 HIGH

CVE-2023-50251
< 0.5.1
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag
5.3 MEDIUM

CVE-2023-24813
all versions
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an att
10.0 CRITICAL

CVE-2023-23924
all versions
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing <image> tags wi
10.0 CRITICAL

CVE-2022-41343
< 2.0.1
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt
7.5 HIGH

CVE-2022-2400
< 2.0.0
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
5.3 MEDIUM

CVE-2022-0085
< 2.0.0
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
5.3 MEDIUM

CVE-2022-28368
< 1.2.1
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) state
9.8 CRITICAL

CVE-2014-5013
< 0.6.2
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
8.8 HIGH

CVE-2014-5012
< 0.6.2
DOMPDF before 0.6.2 allows denial of service.
6.5 MEDIUM

CVE-2014-5011
< 0.6.2
DOMPDF before 0.6.2 allows Information Disclosure.
6.5 MEDIUM

CVE-2014-2383
<= 0.6.0
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protecti

CVE-2010-4879
all versions
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code

threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin