
324 matches found

GitHub Security Blog
added 2023/12/13 11:09 p.m. | 25 views

Denial of service caused by infinite recursion when parsing SVG images

Summary: When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, a recursive chain using two or more SVG documents is not correctly validated. Depending on t...

CVSS 7.5 | AI score 7.2 | EPSS 0.01463
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2023/12/13 9:15 p.m. | 25 views

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 7.5 | EPSS 0.01463
Exploits: 1 | References: 3

OSV
added 2023/12/13 9:15 p.m. | 3 views

DEBIAN-CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 7.5 | AI score 7.5 | EPSS 0.01463
Exploits: 1 | References: 1

Ubuntu CVE
added 2023/12/13 9:15 p.m. | 18 views

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 7.5 | AI score 7.2 | EPSS 0.01463
Exploits: 1 | References: 5

Prion
added 2023/12/13 9:15 p.m. | 22 views

Input validation

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 5 | AI score 7 | EPSS 0.01463
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/12/13 8:52 p.m. | 33 views

CVE-2023-50262 Dompdf possible DoS caused by infinite recursion when parsing SVG images

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 5.3 | AI score 7.7 | EPSS 0.01463
Exploits: 1 | References: 3

Debian CVE
added 2023/12/13 8:52 p.m. | 25 views

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 7.5 | AI score 7.5 | EPSS 0.01463
Exploits: 1

CVE
added 2023/12/13 8:52 p.m. | 44 views

CVE-2023-50262

Dompdf (PHP HTML-to-PDF) is vulnerable to a DoS via infinite recursion when parsing chained SVG references. Prior to version 2.0.4, self-references are checked, but chained references between two or more SVG images are not validated, which can exhaust memory or processing time on affected systems...

CVSS 7.5 | AI score 6.2 | EPSS 0.01463
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2023/12/13 8:52 p.m. | 31 views

CVE-2023-50262 Dompdf possible DoS caused by infinite recursion when parsing SVG images

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or...

CVSS 5.3 | AI score 7.5 | EPSS 0.01463
Exploits: 1 | References: 5

CNNVD
added 2023/12/13 12:00 a.m. | 6 views

Dompdf Security Vulnerabilities

Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.4, which stems from a recursive link that is not properly validated and may exhaust the memory available to the executing process and/or the server itself...

CVSS 7.5 | AI score 6.6 | EPSS 0.01463
Exploits: 1 | References: 4

CNNVD
added 2023/12/12 12:00 a.m. | 6 views

php-svg-lib security vulnerability

php-svg-lib is an open source SVG file parsing/rendering library from dompdf. A security vulnerability exists in versions of php-svg-lib prior to 0.5.1, which stems from the fact that parsing attributes passed to the use tag within an svg document may cause the system to enter infinite recursion,...

CVSS 7.5 | AI score 6.8 | EPSS 0.00878
Exploits: 1 | References: 4

BDU FSTEC
added 2023/11/03 12:00 a.m. | 6 views

The vulnerability of the dompdf library in the PDF Generator plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the dompdf library in the PDF Generator plugin of the WordPress content management system is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS 6.1 | AI score 6 | EPSS 0.01193
Exploits: 2 | References: 5 | Affected Software: 1

Debian
added 2023/08/11 9:02 a.m. | 19 views

[SECURITY] [DLA 3495-2] php-dompdf regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-2 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès August 10, 2023 https://wiki.debian.org/LTS -...

CVSS 9.8 | AI score 5.7 | EPSS 0.0143
Exploits: 2

OpenVAS
added 2023/08/11 12:00 a.m. | 19 views

Ubuntu: Security Advisory (USN-6277-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.6 | EPSS 0.04556
Exploits: 2 | References: 2

Ubuntu
added 2023/08/10 6:31 p.m. | 56 views

USN-6277-2: Dompdf vulnerabilities

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...

CVSS 9.8 | AI score 7.6 | EPSS 0.0143
Exploits: 2

OSV
added 2023/08/10 6:31 p.m. | 7 views

USN-6277-2 php-dompdf vulnerabilities

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...

CVSS 9.8 | AI score 7.5 | EPSS 0.0143
Exploits: 2 | References: 3

Tenable Nessus
added 2023/08/10 12:00 a.m. | 15 views

Ubuntu 22.04 LTS : Dompdf vulnerabilities (USN-6277-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6277-2 advisory. USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Tenable has extracted the preceding...

CVSS 9.8 | AI score 7.3 | EPSS 0.0143
Exploits: 2 | References: 3

OpenVAS
added 2023/08/09 12:00 a.m. | 33 views

Ubuntu: Security Advisory (USN-6277-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.6 | EPSS 0.04556
Exploits: 2 | References: 2

Ubuntu
added 2023/08/08 2:10 p.m. | 44 views

USN-6277-1: Dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8 | AI score 7.4 | EPSS 0.04556
Exploits: 2

OSV
added 2023/08/08 2:10 p.m. | 5 views

USN-6277-1 php-dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8 | AI score 7.4 | EPSS 0.04556
Exploits: 2 | References: 6