All the vulnerabilites related to dompdf - php-svg-lib
cve-2023-50252
Vulnerability from cvelistv5
Published
2023-12-12 20:39
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
php-svg-lib unsafe attributes merge when parsing `use` tag
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr | x_refsource_CONFIRM | |
| https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| dompdf | php-svg-lib |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "php-svg-lib",
"vendor": "dompdf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `\u003cuse\u003e` tag that references an `\u003cimage\u003e` tag, it merges the attributes from the `\u003cuse\u003e` tag to the `\u003cimage\u003e` tag. The problem pops up especially when the `href` attribute from the `\u003cuse\u003e` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:39:17.905Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030"
}
],
"source": {
"advisory": "GHSA-jq98-9543-m4cr",
"discovery": "UNKNOWN"
},
"title": "php-svg-lib unsafe attributes merge when parsing `use` tag"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50252",
"datePublished": "2023-12-12T20:39:17.905Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-02T22:16:46.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50251
Vulnerability from cvelistv5
Published
2023-12-12 20:37
Modified
2025-05-22 18:38
Severity ?
EPSS score ?
Summary
php-svg-lib possible DoS caused by infinite recursion when parsing SVG document
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2 | x_refsource_CONFIRM | |
| https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| dompdf | php-svg-lib |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:38:09.177526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:38:53.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "php-svg-lib",
"vendor": "dompdf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:37:23.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0"
}
],
"source": {
"advisory": "GHSA-ff5x-7qg5-vwf2",
"discovery": "UNKNOWN"
},
"title": "php-svg-lib possible DoS caused by infinite recursion when parsing SVG document"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50251",
"datePublished": "2023-12-12T20:37:23.035Z",
"dateReserved": "2023-12-05T20:42:59.377Z",
"dateUpdated": "2025-05-22T18:38:53.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25117
Vulnerability from cvelistv5
Published
2024-02-21 16:25
Modified
2024-08-28 17:57
Severity ?
EPSS score ?
Summary
php-svg-lib lacks path validation on font through SVG inline styles
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273 | x_refsource_CONFIRM | |
| https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa | x_refsource_MISC | |
| https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| dompdf | php-svg-lib |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dompdf:php-svg-lib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "php-svg-lib",
"vendor": "dompdf",
"versions": [
{
"lessThan": "0.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25117",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:39:36.654495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:57:19.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "php-svg-lib",
"vendor": "dompdf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn\u0027t contain a PHAR url, which might leads to RCE on PHP \u003c 8.0, and doesn\u0027t validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T16:25:17.970Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa"
},
{
"name": "https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42"
}
],
"source": {
"advisory": "GHSA-f3qr-qr4x-j273",
"discovery": "UNKNOWN"
},
"title": "php-svg-lib lacks path validation on font through SVG inline styles "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25117",
"datePublished": "2024-02-21T16:25:17.970Z",
"dateReserved": "2024-02-05T14:14:46.379Z",
"dateUpdated": "2024-08-28T17:57:19.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}