CVE-2022-41343

Опубликовано: 25 сент. 2022

Источник: ubuntu

Приоритет: medium

CVSS3: 7.5

Описание

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was not-affected
devel	DNE
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/xenial	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
kinetic	not-affected	code not present
lunar	DNE

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-41343

CVSS3: 7.5

nvd

больше 3 лет назад

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

CVE-2022-41343

CVSS3: 7.5

debian

больше 3 лет назад

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...

GHSA-6x28-7h8c-chx4

CVSS3: 7.5

github

больше 3 лет назад

Dompdf allows remote file inclusion because URI validation failure does not halt font registration

7.5 High

CVSS3

CVE-2022-41343

Описание

Пакет php-dompdf

Ссылки на источники

Связанные уязвимости