CVE-2024-25117

2024-02-2117:15:09

CWE-502

CWE-73

[email protected]

web.nvd.nist.gov

php

svg

library

security

vulnerability

rce

font-family

validation

bypass

restriction

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn’t contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn’t validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The Style::fromAttributes(), or the Style::parseCssStyle() should check the content of the font-family and prevents it to use a PHAR url, to avoid passing an invalid and dangerous fontName value to other libraries. The same check as done in the Style::fromStyleSheets might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the fontName that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.

Affected configurations

Vulners

Node

dompdfphp-svg-libRange<0.5.2

VendorProductVersionCPE
dompdfphp\-svg\-lib*cpe:2.3:a:dompdf:php\-svg\-lib:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dompdf	php\-svg\-lib	*	cpe:2.3:a:dompdf:php\-svg\-lib::::::::

CNA Affected

[
  {
    "vendor": "dompdf",
    "product": "php-svg-lib",
    "versions": [
      {
        "version": "< 0.5.2",
        "status": "affected"
      }
    ]
  }
]