Headline
GHSA-5qj8-6xxj-hp9h: Dompdf before v2.0.0 vulnerable to chroot check bypass
Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files.
Dompdf before v2.0.0 vulnerable to chroot check bypass
Moderate severity GitHub Reviewed Published Jul 19, 2022 • Updated Jul 21, 2022
Related news
Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
Ubuntu Security Notice 6277-1 - It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code.
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.