Lucene search
Veracode Vulnerability DatabaseVERACODE:39195HistoryFeb 10, 2023 - 7:49 a.m.
Arbitrary Code Execution
2023-02-1007:49:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
35
dompdf
cache.php
arbitrary code execution
svg files
php-svg-lib
url parsing
EPSS
0.005
Percentile
75.6%
dompdf/dompdf is vulnerable to Arbitrary Code Execution. The vulnerability exists in Cache.php due to a lack of validations for SVG files in Dompdf and php-svg-lib, allowing an attacker to parse an arbitrary URL with arbitrary protocols, which can resulting in Arbitrary Code Execution.
Related
prion
prion
Design/Logic Flaw
2023-02-07 19:15:00
debiancve
debiancve
CVE-2023-24813
2023-02-07 19:15:09
ubuntucve
ubuntucve
CVE-2023-24813
2023-02-07 00:00:00
osv
osv
CVE-2023-24813
2023-02-07 19:15:09
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
2023-02-07 18:16:23
nvd
nvd
CVE-2023-24813
2023-02-07 19:15:09
cvelist
cvelist
cve
cve
CVE-2023-24813
2023-02-07 19:15:09
github
github
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
2023-02-07 18:16:23
f5
f5
K000132775 : DOMPDF vulnerabilities CVE-2023-23924 and CVE-2023-24813
2023-02-27 00:00:00