CVE-2022-41343
Published 2022-09-25
CVE-2022-41343: registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
Priority P347 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 4.06% (89.4th percentile)
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-dompdf | — | — |
| dompdf | dompdf | >= 0 < 2.0.1 | 2.0.1 |
| dompdf_project | dompdf | < 2.0.1 | 2.0.1 |
Detection & IOCs (extracted from sources)
- Vulnerable function is `registerFont` in `FontMetrics.php` in Dompdf before 2.0.1; monitor for exploitation attempts targeting this file via @font-face rules with remote URIs.
- Attack vector involves supplying a malicious @font-face CSS rule to trigger remote file inclusion through the font registration path; inspect CSS input processed by Dompdf for external or unexpected URI references in @font-face declarations.
- Vulnerability is only present in Dompdf versions before 2.0.1; confirm a patched version is deployed (bookworm, bullseye, and sid Debian releases are resolved).
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vendor_debian | — | 7.5 | LOW | — |
Debian
CVE-2022-41343: php-dompdf - registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclus...
vendor_debian · 2022 · CVSS 7.5 · [HIGH]
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
Scope: local
bookworm: resolved
bullseye: resolved
sid: resolved
GHSA
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
ghsa · 2022-09-26 · [HIGH] · CWE-552
`registerFont` in `FontMetrics.php` in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a `@font-face` rule.
OSV
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
osv · 2022-09-26 · [HIGH]
`registerFont` in `FontMetrics.php` in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a `@font-face` rule.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/dompdf/dompdf/issues/2994
- https://github.com/dompdf/dompdf/pull/2995
- https://github.com/dompdf/dompdf/releases/tag/v2.0.1
- https://tantosec.com/blog/cve-2022-41343/
Published: 2022-09-25