dompdf project

Top products

The 12 most recently published vulnerabilities affecting dompdf project.

• CVE-2021-3902Improper Restriction of XML External Entity Reference in dompdf/dompdf9.8Nov 15, 2024
• CVE-2021-3838PHAR Deserialization in dompdf/dompdf9.8Nov 15, 2024
• CVE-2023-50262Dompdf possible DoS caused by infinite recursion when parsing SVG images5.3Dec 13, 2023
• CVE-2023-24813URI validation failure on SVG parsing. Bypass of CVE-2023-2392410.0Feb 7, 2023
• CVE-2023-23924URI validation failure on SVG parsing in Dompdf10.0Jan 31, 2023
• CVE-2022-41343registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.7.5Sep 25, 2022
• CVE-2022-2400External Control of File Name or Path in dompdf/dompdf5.3Jul 18, 2022
• CVE-2022-0085Server-Side Request Forgery (SSRF) in dompdf/dompdf5.3Jun 28, 2022
• CVE-2022-28368Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).9.8Apr 3, 2022
• CVE-2014-5011DOMPDF before 0.6.2 allows Information Disclosure.6.5Jan 10, 2020
• CVE-2014-5012DOMPDF before 0.6.2 allows denial of service.6.5Jan 10, 2020
• CVE-2014-5013DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.8.8Jan 10, 2020