Dompdf/dompdf

This hub aggregates every CVE we track for Dompdf/dompdf, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 14 most recently published vulnerabilities affecting Dompdf/dompdf.

• CVE-2021-3902Improper Restriction of XML External Entity Reference in dompdf/dompdf9.8Nov 15, 2024
• CVE-2021-3838PHAR Deserialization in dompdf/dompdf9.8Nov 15, 2024
• CVE-2023-50262Dompdf possible DoS caused by infinite recursion when parsing SVG images5.3Dec 13, 2023
• CVE-2023-24813URI validation failure on SVG parsing. Bypass of CVE-2023-2392410.0Feb 7, 2023
• CVE-2023-23924URI validation failure on SVG parsing in Dompdf10.0Jan 31, 2023
• CVE-2022-41343registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.7.5Sep 25, 2022
• CVE-2022-2400External Control of File Name or Path in dompdf/dompdf5.3Jul 18, 2022
• CVE-2022-0085Server-Side Request Forgery (SSRF) in dompdf/dompdf5.3Jun 28, 2022
• CVE-2022-28368Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).9.8Apr 3, 2022
• CVE-2014-5011DOMPDF before 0.6.2 allows Information Disclosure.6.5Jan 10, 2020
• CVE-2014-5012DOMPDF before 0.6.2 allows denial of service.6.5Jan 10, 2020
• CVE-2014-5013DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.8.8Jan 10, 2020
• CVE-2014-2383dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the...6.8Apr 28, 2014
• CVE-2010-4879PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.7.5Oct 7, 2011