dompdf/dompdf Security Advisories for v0.6.0 (11)
- [MEDIUM] Denial of service caused by infinite recursion when parsing SVG images
  PKSA-7ztm-rpt3-qqzk CVE-2023-50262 GHSA-3qx2-6f78-w2j2
  Affected version: <2.0.4
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [CRITICAL] Dompdf vulnerable to URI validation failure on SVG parsing
  PKSA-4jrs-y99s-q8j6 CVE-2023-23924 GHSA-3cw5-7cxw-v5qg
  Affected version: <2.0.2
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Remote file inclusion
  PKSA-hbk6-2vfz-8f8n CVE-2022-41343 GHSA-6x28-7h8c-chx4
  Affected version: <2.0.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] Dompdf before v2.0.0 vulnerable to chroot check bypass
  PKSA-kj9c-tr41-t8mj CVE-2022-2400 GHSA-5qj8-6xxj-hp9h
  Affected version: <2.0.0
  Reported by: GitHub
- [MEDIUM] Server-Side Request Forgery in dompdf/dompdf
  PKSA-872h-8556-2chm CVE-2022-0085 GHSA-pf6p-25r2-fx45
  Affected version: <2.0.0
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [CRITICAL] Remote code injection via remote fonts
  PKSA-99tj-gg5v-4g74 CVE-2022-28368 GHSA-x752-qjv4-c4hc
  Affected version: <1.2.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] Information Disclosure
  PKSA-jkcx-z3k3-bbrv CVE-2014-5011 GHSA-jwf8-mjj8-r8hq
  Affected version: >=0.6,<0.6.2
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] Denial Of Service Vector
  PKSA-5s2b-r7bs-gpkz CVE-2014-5012 GHSA-q83c-64c9-c42m
  Affected version: >=0.6,<0.6.2
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Remote Code Execution (complement of CVE-2014-2383)
  PKSA-cy5h-xj19-9vd7 CVE-2014-5013 GHSA-jjwj-w3gc-gcw4
  Affected version: >=0.6,<0.6.2
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] PHP remote file inclusion vulnerability in dompdf.php
  PKSA-pw9z-cywx-mmj2 CVE-2010-4879 GHSA-48r9-4v93-x4wh
  Affected version: >=0.6,<0.6.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] Arbitrary file read in dompdf
  PKSA-s5g4-3y43-c9p2 CVE-2014-2383 GHSA-qr6q-w4gj-3865
  Affected version: >=0.6.0,<0.6.1
  Reported by: FriendsOfPHP/security-advisories, GitHub