Remote code execution vulnerability through persisted font #2598
I apologize for the delay. We have received the information and will review.

FYI, after reviewing the vulnerability and in consideration of the public release I'm going to include a patch in the upcoming 1.2.1 release.
bsweeney added a commit that referenced this issue Mar 17, 2022
bsweeney added a commit that referenced this issue Mar 21, 2022
keulinho pushed a commit to shopwareLabs/dompdf that referenced this issue Apr 12, 2022
A malicious user is able to use Dompdf to execute code remotely under the following conditions:
On a vulnerable system a user can reference a specially crafted font file that is able to pass the initial parsing process, at which time Dompdf persists the font file to the font directory with an extension matching that of the file on the remote system. At this point the user is able to load the persisted file to execute code within the context of the PHP process.
Recommended mitigations for Dompdf versions prior to 1.2.1:
Vulnerability details are available on the Positive Security blog.
Refer to the wiki for additional information on securing Dompdf.
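
A defender-side check for the behaviour described above, as an added example that is not part of the original issue or of Dompdf's code: it audits a font directory for persisted files with an unexpected extension or an embedded PHP open tag. The extension allowlist, the function names and the sample file names are assumptions constructed for illustration; extend the allowlist for files your Dompdf version legitimately keeps there.

```python
import os
import tempfile

# Assumption: extensions a font directory is expected to hold in this deployment.
EXPECTED_EXTS = {".ttf", ".otf", ".afm", ".ufm", ".json"}
PHP_MARKER = b"<?php"  # the PHP open tag is matched case-insensitively below


def audit_font_dir(font_dir, expected_exts=EXPECTED_EXTS):
    """Return sorted (relative_path, reason) findings for a font directory."""
    findings = []
    for root, _dirs, files in os.walk(font_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, font_dir)
            ext = os.path.splitext(name)[1].lower()
            # A persisted font whose extension came from the remote URL
            # shows up here as a non-font extension.
            if ext not in expected_exts:
                findings.append((rel, "unexpected extension " + (ext or "(none)")))
            with open(path, "rb") as fh:
                data = fh.read()
            # A font that parses correctly can still carry script text.
            if PHP_MARKER in data.lower():
                findings.append((rel, "contains PHP open tag"))
    return sorted(findings)


def demo():
    """Build a constructed font directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed sample files, not real fonts
            "dejavu_normal.ttf": b"\x00\x01\x00\x00" + b"\x00" * 32,
            "remote_normal_abc.php": b"\x00\x01\x00\x00 <?php /* placeholder */ ?>",
            "remote_normal_def.ttf": b"\x00\x01\x00\x00 <?PHP /* placeholder */ ?>",
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit_font_dir(d)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Any finding warrants review of the file and of how it arrived in the directory; a clean result does not replace upgrading to 1.2.1 or later.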