CVE-2022-41343

Files or Directories Accessible to External Parties in packagist/dompdf/dompdf

Identifiers

CVE-2022-41343

Package Slug

packagist/dompdf/dompdf

Vulnerability

Files or Directories Accessible to External Parties

Description

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

Affected Versions

All versions before 2.0.1

Solution

Upgrade to version 2.0.1 or above.

Last Modified

2022-09-29
