dompdf/dompdf is vulnerable to remote code execution. The vulnerability exists because the registerFont function in FontMetrics.php does not properly halt font registration when URI validation fails, for example for a font supplied through an @font-face rule, allowing an attacker to inject and execute maliciously crafted files.

CPE

Name | Operator | Version |
---|---|---|
dompdf/dompdf | le | v2.0.0 |
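
To check a project against the affected range in the table above, the following added example (not part of the advisory or of dompdf) reads a Composer lock file and flags dompdf/dompdf entries at or below v2.0.0. The function names and the sample lock content are constructed for illustration.

```python
import json
import re

AFFECTED_PACKAGE = "dompdf/dompdf"  # package name from the advisory table
LAST_AFFECTED = (2, 0, 0)           # "le v2.0.0" in the advisory table


def parse_version(raw):
    """Return (major, minor, patch) for tags like 'v2.0.0' or '1.2', else None."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-+].*)?", raw.strip())
    if not m:
        return None  # e.g. 'dev-master': no numeric version to compare
    return tuple(int(part or 0) for part in m.groups())


def check_lock(lock_text):
    """Return (section, version, status) for every dompdf/dompdf entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != AFFECTED_PACKAGE:
                continue
            raw = pkg.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                status = "unknown"  # branch alias: resolve the commit by hand
            elif parsed <= LAST_AFFECTED:
                status = "affected"
            else:
                status = "outside listed range"
            findings.append((section, raw, status))
    return findings


# Constructed composer.lock content, for illustration only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "dompdf/dompdf", "version": "v2.0.0"},
        {"name": "example/other-package", "version": "1.4.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, status in check_lock(SAMPLE_LOCK):
        print(f"{section}: {AFFECTED_PACKAGE} {version} -> {status}")
```

Against a real project, pass the contents of its composer.lock to check_lock; an "unknown" result means the lock pins a branch rather than a tagged release and needs manual review.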