CVE-2023-24813

Name of the Vulnerable Software and Affected Versions Dompdf versions prior to 2.0.3

Description The issue arises from the difference in attribute parsing between Dompdf and php-svg-lib, allowing an attacker to call arbitrary URLs with arbitrary protocols. Dompdf respects the xlink:href attribute even if the href attribute is specified, while php-svg-lib parses the href attribute. This discrepancy enables an attacker to bypass protection by providing an empty xlink:href attribute. In PHP versions before 8.0.0, this can lead to arbitrary unserialize, resulting in arbitrary file deletion and potentially remote code execution, depending on available classes.

Recommendations For Dompdf versions prior to 2.0.3, upgrade to release version 2.0.3 or later to address the vulnerability. As a temporary workaround, consider restricting the use of SVG files in Dompdf until the issue is resolved. Avoid using the href attribute in image tags with both xlink:href and href specified to minimize the risk of exploitation.