Remote code execution in Dompdf
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-41343 |
| CWE-ID | CWE-552 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Dompdf Web applications / Modules and components for CMS |
| Vendor | dompdf |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Files or Directories Accessible to External Parties
EUVDB-ID: #VU72316
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-41343
CWE-ID:
CWE-552 - Files or Directories Accessible to External Parties
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure handling of data passed via the "src:url" field of an @font-face Cascading Style Sheets (CSS) statement inside an HTML input file to the registerFont() function in FontMetrics.php. A remote attacker can write arbitrary data to the filesystem (e.g. can create a .php file) and later execute it on the server.
Note, the vulnerability exists due to insufficient patch for #VU72315 (CVE-2022-28368).
Install updates from vendor's website.
Vulnerable software versionsDompdf: 0.7.0 - 2.0.0
External linkshttp://github.com/dompdf/dompdf/releases/tag/v2.0.1
http://github.com/dompdf/dompdf/issues/2994
http://github.com/dompdf/dompdf/pull/2995
http://tantosec.com/blog/cve-2022-41343/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
