
Search CVE reports



1 – 10 of 13 results


CVE-2023-50262

Medium priority
Not affected

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself....

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2021-3902

Medium priority
Not affected

[Unknown description]

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2021-3838

Medium priority

Some fixes available 4 of 5

[Unknown description]

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Fixed Fixed Fixed Fixed

CVE-2023-24813

High priority
Not affected

Dompdf is an HTML to PDF converter written in PHP. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of...

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2023-23924

Medium priority
Not affected

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar`...

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2022-41343

Medium priority
Not affected

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2022-2400

Medium priority

Some fixes available 4 of 22

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

3 affected packages

civicrm, icingaweb2, php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
civicrm Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
icingaweb2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
php-dompdf Not in release Fixed Fixed Fixed Fixed

CVE-2022-0085

Medium priority
Ignored

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2022-28368

Medium priority
Ignored

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Not affected

CVE-2014-5013

Medium priority

Some fixes available 1 of 5

DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.

1 affected package

php-dompdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-dompdf Not affected Not affected Not affected Fixed