Dompdf is a PHP library for converting HTML to PDF, widely used for generating documents dynamically. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws due to unsafe processing of untrusted input, allowing attackers to execute arbitrary code. Cross-site scripting (XSS) vulnerabilities have also been common through improper output sanitization. The library has faced privilege escalation issues in certain configurations. With 10 CVEs recorded, dompdf's security posture has been periodically compromised, with some vulnerabilities enabling complete system compromise when deployed with elevated privileges or in shared hosting environments. Its parsing of complex HTML and CSS remains a persistent attack surface.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-25117 | php-svg-lib lacks path validation on font through SVG inline styles — php-svg-lib (CWE-73) | 6.8 | Medium | 2024-02-21 |
| CVE-2023-50252 | php-svg-lib unsafe attributes merge when parsing `use` tag — php-svg-lib (CWE-15) | 8.3 | High | 2023-12-12 |
| CVE-2023-50251 | php-svg-lib possible DoS caused by infinite recursion when parsing SVG document — php-svg-lib (CWE-674) | 5.3 | Medium | 2023-12-12 |

This page lists every published CVE security advisory associated with dompdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.