Dompdf Php-Svg-Lib vulnerabilities
3 known vulnerabilities affecting dompdf/php-svg-lib.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2023-50252 | P2 | CRITICAL | CVSS 9.8 | CWE-15 | fixed in 0.5.1 | 2023-12-12
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `` tag, it merges the attributes from the `` tag to the `` tag. The problem pops up especially when the `href` attribute from the `` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserializat
nvd
CVE-2024-25117 | P3 | CRITICAL | CVSS 9.8 | CWE-73 | fixed in 0.5.2 | 2024-02-21
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR URL, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might lead to bypass of restrictions or RCE on projects that are usin
nvd
CVE-2023-50251 | P3 | HIGH | CVSS 7.5 | CWE-674 | fixed in 0.5.1 | 2023-12-12
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an SVG document, an attacker can cause the system to go into infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to th
nvd