Vulnerability Description
Dompdf is an HTML to PDF converter. The URI validation in dompdf 2.0.1 can be bypassed during SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols, if they can provide an SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and possibly to remote code execution, depending on the classes that are available.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dompdf Project | Dompdf | 2.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 (Patch, Third Party Advisory)
- https://github.com/dompdf/dompdf/releases/tag/v2.0.2 (Release Notes, Third Party Advisory)
- https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-23924?
CVE-2023-23924 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on...
How severe is CVE-2023-23924?
CVE-2023-23924 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-23924?
Check the references section above for vendor advisories and patch information. Affected products include: Dompdf Project Dompdf.