php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might lead to...
CVSS: 6.8 | AI Score: 7 | EPSS: 0.0004
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.0005
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go into infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.0004
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling a <use> tag that references an <image> tag, it merges the attributes from the <use> tag into the <image> tag. The problem pops up especially when the href attribute from the <use>...
CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.001
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing <image> tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call ar...
CVSS: 10 | AI Score: 9.3 | EPSS: 0.01
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input...
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.161
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to...
CVSS: 5.3 | AI Score: 5.5 | EPSS: 0.001
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However,....
CVSS: 10 | AI Score: 9.6 | EPSS: 0.01
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...
AI Score: 8.3 | EPSS: 0.004
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.003