CVE-2024-25117— php-svg-lib lacks path validation on font through SVG inline styles
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-25117
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
php-svg-lib lacks path validation on font through SVG inline styles
Source: NVD (National Vulnerability Database)
Vulnerability Description
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
php-svg-lib安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
php-svg-lib是dompdf开源的一个 SVG 文件解析/渲染库。 php-svg-lib 0.5.2之前版本存在安全漏洞,该漏洞源于不会验证是否允许外部引用,可能会导致绕过限制或远程代码执行(RCE)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| dompdf | php-svg-lib | < 0.5.2 | - |
II. Public POCs for CVE-2024-25117
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-25117
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: dompdf
- CVE-2021-3902
Improper Restriction of XML External Entity Reference in dom - CVE-2021-3838
PHAR Deserialization in dompdf/dompdf - CVE-2023-50262
Dompdf possible DoS caused by infinite recursion when parsin - CVE-2023-50252
php-svg-lib unsafe attributes merge when parsing `use` tag - CVE-2023-50251
php-svg-lib possible DoS caused by infinite recursion when p
Same weakness: CWE-73
- CVE-2026-41693
i18next-fs-backend: Path traversal via unsanitised lng/ns al - CVE-2026-44127
Local File Inclusion (LFI) and Arbitrary File Deletion - CVE-2026-7633
Totolink N300RH cstecgi.cgi setUploadSetting file inclusion - CVE-2026-42424
OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Rep - CVE-2026-41177
Squidex has Blind SSRF via file:// Protocol in Restore API l
V. Comments for CVE-2024-25117
No comments yet