43 matches found
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2023-50251
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...
Debian dsa-5642 : php-dompdf-svg-lib - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5642-1...
External Control Of Filename
phenx/php-svg-lib is vulnerable to External Control of Filename. The vulnerability is due to insecure handling of inline CSS font definitions, allowing an attacker to deserialize a PHAR file through the phar:// URL handler. Note that remote code execution is only possible on PHP versions less the...
GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
php-svg-lib lacks path validation on font through SVG inline styles
Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP href, 0, 7 === "phar://" || $this-document-allowExternalReferences === false && \strtolower\substr$this-href, 0, 5 !== "data:" unset$style"font-family"; PoC Parsing the following SVG...
DEBIAN-CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
Design/Logic Flaw
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
PT-2024-4034 · Unknown · Php-Svg-Lib
Name of the Vulnerable Software and Affected Versions: php-svg-lib versions prior to 0.5.2 Description: The issue is related to the failure of php-svg-lib to validate that the font-family does not contain a PHAR url, which may lead to remote code execution RCE on PHP versions less than 8.0...
Denial of service caused by infinite recursion when parsing SVG images
Summary When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, a recursive chained using two or more SVG documents is not correctly validated. Depending on t...
Denial of service caused by infinite recursion when parsing SVG document
Summary When parsing the attributes passed to a use tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. Details...
GHSA-FF5X-7QG5-VWF2 Denial of service caused by infinite recursion when parsing SVG document
Summary When parsing the attributes passed to a use tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. Details...