CVE-2023-50262
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 13, 2023
Updated: Dec 19, 2023
CWE ID 674
CWE ID 20
Summary
CVE-2023-50262 is a vulnerability affecting Dompdf, an HTML-to-PDF converter for PHP. Prior to version 2.0.4, Dompdf fails to correctly validate recursive chained SVG references, leading to memory exhaustion or server crashes. When Dompdf is used together with php-svg-lib, the vulnerability allows infinite recursion, causing resource exhaustion when malicious payloads are processed. The exploit relies on chained references between two or more SVG images and can leave the system unable to handle incoming requests. The issue has been addressed in version 2.0.4.
Affected Products
- Dompdf Project Dompdf
Affected Vendors
- Dompdf Project