CVE-2023-50252
published 2023-12-12

Priority: P264
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 23.90% (97.5th percentile)
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling a `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag into the `<image>` tag. The problem arises in particular when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read, which in turn can trigger a PHAR deserialization vulnerability on PHP versions prior to 8. Version 0.5.1 contains a patch for this issue.

Affected

2 ranges (vendor / product: affected version range; fixed in)
  • debian / php-dompdf-svg-lib: versions < 0.5.0-3+deb12u1 (bookworm); fixed in 0.5.0-3+deb12u1 (bookworm)
  • dompdf / php-svg-lib: versions < 0.5.1; fixed in 0.5.1

Detection & IOCs

  • Vulnerability exists in php-svg-lib prior to version 0.5.1; detect use of vulnerable versions, where the `href` attribute of `<use>` tags referencing `<image>` tags is not sanitized, enabling PHAR deserialization via an unsafe file read
  • PHAR deserialization impact is limited to PHP versions prior to version 8; PHP 8+ is not affected by the deserialization vector
  • Fixed in php-svg-lib 0.5.1 (upstream); the Debian bookworm fix is 0.5.0-3+deb12u1 and the Debian sid fix is 0.5.1-1

CVSS provenance

  • nvd: v3.1, 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • osv: 9.8 CRITICAL
  • vendor_debian: 8.3 HIGH