PT-2024-40217 · Dompdf+2

Published: 2024-02-22 · Updated: 2024-02-22

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: dompdf (affected versions not specified)
Description: The issue arises from a lack of sanitization of the font path returned by php-svg-lib, which can be exploited when an inline CSS font is defined. On PHP versions prior to 8.0, this can lead to unserialization of PHAR metadata through the phar:// URL handler. On other versions, it might be used to achieve Server-Side Request Forgery (SSRF) through protocols such as ftp, bypassing the authorized protocols configured in dompdf. The problem lies in the openFont function of lib/Cpdf.php, where the $font variable passed by php-svg-lib is not checked correctly. An attacker who can force dompdf to parse an SVG with an inline CSS property using a malicious font-family might exploit this vulnerability to call arbitrary URLs with arbitrary protocols.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
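
The kind of check the description says is missing on the font path, written as an added example (it is not dompdf or php-svg-lib code): a scheme allowlist applied before a path from untrusted SVG/CSS reaches a file-opening call. The function name `isFontPathAllowed`, the empty default allowlist and the sample paths are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of dompdf or php-svg-lib: decides whether a
// font path taken from untrusted SVG/CSS may be passed to a file-opening call.
function isFontPathAllowed(string $path, array $allowedSchemes = []): bool
{
    // Empty paths and control characters (including NUL) are never valid.
    if ($path === '' || preg_match('/[\x00-\x1f\x7f]/', $path) === 1) {
        return false;
    }
    // "scheme://" form used by PHP stream wrappers (phar://, ftp://, ...).
    // Two or more characters, so a Windows drive letter is not a scheme.
    if (preg_match('/^([a-z][a-z0-9+.\-]+):\/\//i', $path, $m) === 1) {
        return in_array(strtolower($m[1]), $allowedSchemes, true);
    }
    // The data wrapper is also accepted without slashes ("data:...").
    if (stripos($path, 'data:') === 0) {
        return in_array('data', $allowedSchemes, true);
    }
    // No scheme: a plain local path, left to the caller's directory checks.
    return true;
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    '/usr/share/fonts/DejaVuSans',
    'phar:///tmp/upload.bin/font',
    'ftp://internal.example/font',
    'PHAR://tmp/upload.bin/font',
    'data:font/ttf;base64,AAAA',
];

foreach ($samples as $candidate) {
    // With the default empty allowlist, every wrapper URL is rejected.
    printf("%-32s %s\n", $candidate, isFontPathAllowed($candidate) ? 'allow' : 'reject');
}
```

The scheme comparison is case-insensitive because PHP matches wrapper names without regard to case; a path with no scheme still needs the caller's own directory restrictions.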

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

GHSA-97M3-52WR-XVV2

Affected Products

Php
Dompdf
Php-Svg-Lib