CVE-2023-23924

Published: Jan 31, 2023

Modified: Mar 10, 2025

PUBLISHED

CVSS v3.1

10.0

CRITICAL

Description

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.

Vendor	Product	Versions
dompdf	dompdf	affected `< 2.0.2`

Weaknesses (CWE)

CWE-551

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

High

References

https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg

x_refsource_CONFIRM

https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85

x_refsource_MISC

https://github.com/dompdf/dompdf/releases/tag/v2.0.2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-23924

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References