An attacker can exploit this flaw to inject code into a vulnerable application and receive code execution privileges. This issue was addressed by disabling font registration through the @font-face rule.
CVE-2018-1130
An exploitable error exists in _getFonts in FontMetrics.php in Dompdf before 2.0.1. An attacker can inject malicious @font-face rules into an affected application and cause a denial of service. This issue was addressed by disabling @font-face rules in the application.
NOTE: If you are using a version of Dompdf prior to 2.0.1, you must upgrade to 2.0.1 to protect against this CVE.
The vulnerability could be exploited remotely.
Timeline
Published on: 09/25/2022 19:15:00 UTC
Last modified on: 09/28/2022 16:37:00 UTC