Lucene search

PRIOn knowledge basePRION:CVE-2022-41343

HistorySep 25, 2022 - 7:15 p.m.

Remote file inclusion

2022-09-2519:15:00

PRIOn knowledge base

www.prio-n.com

dompdf

registerfont

vulnerability

remote file inclusion

fontmetrics.php

nvd

0.003 Low

EPSS

Percentile

65.9%

JSON

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

CPENameOperatorVersion
dompdflt2.0.1

CPE	Name	Operator	Version
	dompdf	lt	2.0.1

References

github.com/dompdf/dompdf/issues/2994

github.com/dompdf/dompdf/pull/2995

github.com/dompdf/dompdf/releases/tag/v2.0.1

tantosec.com/blog/cve-2022-41343/

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for PRION:CVE-2022-41343