CVE-2023-50252

2023-12-1221:15:08

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-50252

svg file parsing

rendering library

<use> tag

<image> tag

href attribute

unsafe file read

phar deserialization vulnerability

php 8

patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling <use> tag that references an <image> tag, it merges the attributes from the <use> tag to the <image> tag. The problem pops up especially when the href attribute from the <use> tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.

OSVersionArchitecturePackageVersionFilename
Debian12allphp-dompdf-svg-lib< 0.5.0-3+deb12u1php-dompdf-svg-lib_0.5.0-3+deb12u1_all.deb
Debian999allphp-dompdf-svg-lib< 0.5.1-1php-dompdf-svg-lib_0.5.1-1_all.deb
Debian13allphp-dompdf-svg-lib< 0.5.1-1php-dompdf-svg-lib_0.5.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	php-dompdf-svg-lib	< 0.5.0-3+deb12u1	php-dompdf-svg-lib_0.5.0-3+deb12u1_all.deb
Debian	999	all	php-dompdf-svg-lib	< 0.5.1-1	php-dompdf-svg-lib_0.5.1-1_all.deb
Debian	13	all	php-dompdf-svg-lib	< 0.5.1-1	php-dompdf-svg-lib_0.5.1-1_all.deb