Bsweeney

**Name of the Vulnerable Software and Affected Versions** php-svg-lib versions prior to 0.5.2 **Description** The issue is related to the failure of php-svg-lib to validate that the font-family does not contain a PHAR url, which may lead to remote code execution (RCE) on PHP versions less than 8.0. Additionally, it does not validate if external references are allowed, potentially leading to bypass of restrictions or RCE on projects using this library if they do not strictly revalidate the fontName passed by php-svg-lib. The `Style::fromAttributes()` and `Style::parseCssStyle()` functions should check the content of the `font-family` to prevent the use of a PHAR url. Libraries using php-svg-lib as a dependency might be vulnerable to some bypass of restrictions or even RCE if they do not double check the value of the `fontName` passed by php-svg-lib. **Recommendations** For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider adding a check in the `Style::fromAttributes()` and `Style::parseCssStyle()` functions to prevent the use of a PHAR url in the `font-family` style. Restrict access to the `fontName` value passed by php-svg-lib to minimize the risk of exploitation. Avoid using the `font-family` style with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dompdf versions prior to 2.0.4 **Description** The issue arises when Dompdf parses SVG images, as it performs an initial validation to ensure that paths within the SVG are allowed. However, prior to version 2.0.4, a recursive chain using two or more SVG documents is not correctly validated. This could exhaust the memory available to the executing process and/or to the server itself. A malicious actor may trigger infinite recursion by chaining references between two or more SVG images, potentially causing resource exhaustion. **Recommendations** For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the processing of SVG images referenced by an `image` element until a patch is available. Restrict access to the `php-svg-lib` module to minimize the risk of exploitation. Avoid using the `image` element in SVG images until the issue is resolved.