PT-2023-1267 · Php+1
Blaklis · Published 2023-01-31 · Updated 2023-10-19 · CVE-2023-23924
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Dompdf version 2.0.1; Dompdf versions prior to 8.0.0
Description: The issue stems from an incorrect order of operations in Dompdf's SVG parsing: the authorization check on image references runs before syntax analysis and canonicalization, so <image> tags written with uppercase letters are not subjected to the check. This can allow a remote attacker to delete arbitrary files or execute arbitrary code. The vulnerability is exploited by supplying a specially crafted SVG file to Dompdf; on PHP versions prior to 8.0.0 this can lead to arbitrary object unserialization through the phar URL wrapper. The estimated impact is arbitrary file deletion and, depending on the classes available in the application, remote code execution.
Recommendations: For Dompdf version 2.0.1, update to a newer release that includes the fix for this issue. For Dompdf versions prior to 8.0.0, update to version 8.0.0 or later to mitigate the risk of arbitrary object unserialization. As a temporary workaround until a patch is applied, disable the processing of <image> tags in SVG files or restrict access to the phar URL wrapper. Restricting access to the Image/Cache.php file also reduces the risk of exploitation.
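Added example, not Dompdf's own code and not part of the advisory: a hypothetical href validator for SVG <image> elements that reproduces the flaw class described above (a case-sensitive tag-name check applied before normalization) next to a corrected version that normalizes first and allow-lists schemes. The function names, constants and sample SVG are constructed for illustration.

```php
<?php
// Added illustration, not Dompdf's own code: a hypothetical href validator for SVG
// <image> elements with a case-sensitive gate before normalization, and its fix.
const XLINK = 'http://www.w3.org/1999/xlink';
const ALLOWED_SCHEMES = ['http', 'https', 'data'];
// Constructed sample; the phar:// value is a placeholder string, not a real archive.
const SAMPLE_SVG = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="' . XLINK . '">'
    . '<image xlink:href="https://example.test/logo.png"/>'
    . '<IMAGE xlink:href="phar://placeholder.phar/x"/></svg>';

function svgElements(string $svg): DOMNodeList
{
    $doc = new DOMDocument();
    $doc->loadXML($svg);
    return $doc->getElementsByTagName('*');
}

// Flawed: the tag-name test is exact, so only lowercase <image> is ever checked.
function hrefsAcceptedByFlawedCheck(string $svg): array
{
    $accepted = [];
    foreach (svgElements($svg) as $el) {
        $href = $el->getAttributeNS(XLINK, 'href');
        $scheme = (string) parse_url($href, PHP_URL_SCHEME);
        // <IMAGE> skips the allow-list and is handed on unchecked, as a case-insensitive loader would see it.
        if ($href === '' || ($el->nodeName === 'image'
            && !in_array($scheme, ALLOWED_SCHEMES, true))) {
            continue;
        }
        $accepted[] = $href;
    }
    return $accepted;
}

// Fixed: normalize first (lowercased local name, trimmed href, lowercased scheme),
// then apply the scheme allow-list to every image element regardless of case.
function hrefsAcceptedByFixedCheck(string $svg): array
{
    $accepted = [];
    foreach (svgElements($svg) as $el) {
        $href = trim($el->getAttributeNS(XLINK, 'href'));
        $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
        if (strtolower($el->localName) === 'image' && $href !== ''
            && in_array($scheme, ALLOWED_SCHEMES, true)) {
            $accepted[] = $href;
        }
    }
    return $accepted;
}
```

Run against SAMPLE_SVG, the flawed check returns both hrefs, the phar:// one included, while the fixed check returns only the https:// reference.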

Weakness Enumeration: Incorrect Authorization

Related Identifiers

BDU:2023-00530
CVE-2023-23924
GHSA-3CW5-7CXW-V5QG

Affected Products

Dompdf
Php