[CRITICAL] Remote code injection via remote fonts

PKSA-99tj-gg5v-4g74 CVE-2022-28368 GHSA-x752-qjv4-c4hc

Affected package: dompdf/dompdf

Affected version: <1.2.1

Reported by:
FriendsOfPHP/security-advisories, GitHub