Vulnerability identifier: #VU72316

Vulnerability risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-41343

CWE-ID: CWE-552

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Dompdf
Web applications / Modules and components for CMS

Vendor: dompdf

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure handling of data passed via the "src:url" field of an @font-face Cascading Style Sheets (CSS) statement inside an HTML input file to the registerFont() function in FontMetrics.php. A remote attacker can write arbitrary data to the filesystem (e.g. can create a .php file) and later execute it on the server.

Note, the vulnerability exists due to insufficient patch for #VU72315 (CVE-2022-28368).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Dompdf: 0.7.0 - 2.0.0

---

External links
http://github.com/dompdf/dompdf/releases/tag/v2.0.1
http://github.com/dompdf/dompdf/issues/2994
http://github.com/dompdf/dompdf/pull/2995
http://tantosec.com/blog/cve-2022-41343/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.