Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-23924
HistoryFeb 01, 2023 - 12:00 a.m.

CVE-2023-23924

2023-02-0100:00:00
ubuntu.com
ubuntu.com
16
dompdf
svg parsing
uri validation
arbitrary unserialize
remote code execution
php 8.0.0

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

EPSS

0.01

Percentile

84.0%

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can
be bypassed on SVG parsing by passing <image> tags with uppercase
letters. This may lead to arbitrary object unserialize on PHP < 8, through
the phar URL wrapper. An attacker can exploit the vulnerability to call
arbitrary URL with arbitrary protocols, if they can provide a SVG file to
dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize,
that will lead to the very least to an arbitrary file deletion and even
remote code execution, depending on classes that are available.

Notes

Author Note
ccdm94 according to upstream, this only affects version 2.0.1.

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

EPSS

0.01

Percentile

84.0%