#VU72317 External Control of File Name or Path in Dompdf - CVE-2022-2400


Vulnerability identifier: #VU72317

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2400

CWE-ID: CWE-73

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Dompdf
Web applications / Modules and components for CMS

Vendor: dompdf

Description

The vulnerability allows a remote attacker to view arbitrary images on the system.

The vulnerability exists because the application allows an attacker to control the path of the files included in the generated PDF output. A remote attacker can pass a specially crafted path to the application and include arbitrary images from the server into the resulting PDF file.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Dompdf: 0.7.0 - 1.2.2


External links
https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
