CVE | CVE-2022-41343 |
CVE Title | |
Published Date | 2022-09-25T19:15Z |
Modified Date | 2022-09-28T16:37Z |
CWE Type | CWE-552 |
CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://github.com/dompdf/dompdf/releases/tag/v2.0.1 |
Reference Description | MISC https://github.com/dompdf/dompdf/releases/tag/v2.0.1 |
Reference URL | https://github.com/dompdf/dompdf/issues/2994 |
Reference Description | MISC https://github.com/dompdf/dompdf/issues/2994 |
Reference URL | https://github.com/dompdf/dompdf/pull/2995 |
Reference Description | MISC https://github.com/dompdf/dompdf/pull/2995 |
Tags | Release Notes Third Party Advisory |
Sources | NIST MITRE |