CPE-4323BCBE-1452-4249-8D63-B692E4CF0AC2 Detail

CPE Details

DomPdf PHP-SVG-lib 0.3.1

Vendor

dompdf

Product

php-svg-lib

Version

0.3.1

Created

2025-02-06
11h45 +00:00

Modified

2025-02-06
11h45 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:dompdf:php-svg-lib:0.3.1:::::::*

Informations

Vendor

dompdf

Product

php-svg-lib

Version

0.3.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-25117	2024-02-21 16h25 +00:00	php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.	9.8	Critical
CVE-2023-50252	2023-12-12 20h39 +00:00	php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `` tag that references an `` tag, it merges the attributes from the `` tag to the `` tag. The problem pops up especially when the `href` attribute from the `` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.	9.8	Critical
CVE-2023-50251	2023-12-12 20h37 +00:00	php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue.	7.5	High

DomPdf PHP-SVG-lib 0.3.1

CPE Details

CPE Name: cpe:2.3:a:dompdf:php-svg-lib:0.3.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:dompdf:php-svg-lib:0.3.1:::::::*