Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-5qj8-6xxj-hp9h: Dompdf before v2.0.0 vulnerable to chroot check bypass

Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files.

ghsa
#git#pdf

Dompdf before v2.0.0 vulnerable to chroot check bypass

Moderate severity GitHub Reviewed Published Jul 19, 2022 • Updated Jul 21, 2022

Related news

Ubuntu Security Notice USN-6277-2

Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.

Ubuntu Security Notice USN-6277-1

Ubuntu Security Notice 6277-1 - It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code.

CVE-2022-2400: External Control of File Name or Path in dompdf

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.