What is the severity of CVE-2014-2383?

CVE-2014-2383 is classified as a medium severity vulnerability due to its potential for arbitrary file read access.

How do I fix CVE-2014-2383?

To fix CVE-2014-2383, upgrade to dompdf version 0.6.1 or later.

What causes the vulnerability in CVE-2014-2383?

CVE-2014-2383 is caused by an issue in dompdf where enabling DOMPDF_ENABLE_PHP allows the use of PHP input wrappers to bypass security protections.

Is my system affected by CVE-2014-2383?

If you are using dompdf versions prior to 0.6.1 with DOMPDF_ENABLE_PHP enabled, your system is at risk from CVE-2014-2383.

What are the potential impacts of CVE-2014-2383?

The potential impacts of CVE-2014-2383 include unauthorized access to sensitive files on the system, leading to data breaches.

Vulnerability/
CVE-2014-2383

medium

6.8

CWE

200

10/3/2014

28/4/2014

6/8/2024

CVE-2014-2383: Infoleak

First published: Mon Mar 10 2014(Updated: )

Arbitrary file read in dompdf

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/dompdf/dompdf	>=0.6.0<0.6.1
Dompdf Dompdf	<=0.6.0
composer/dompdf/dompdf	>=0.6.0<0.6.1	0.6.1

Remedy

https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-2383?
CVE-2014-2383 is classified as a medium severity vulnerability due to its potential for arbitrary file read access.
How do I fix CVE-2014-2383?
To fix CVE-2014-2383, upgrade to dompdf version 0.6.1 or later.
What causes the vulnerability in CVE-2014-2383?
CVE-2014-2383 is caused by an issue in dompdf where enabling DOMPDF_ENABLE_PHP allows the use of PHP input wrappers to bypass security protections.
Is my system affected by CVE-2014-2383?
If you are using dompdf versions prior to 0.6.1 with DOMPDF_ENABLE_PHP enabled, your system is at risk from CVE-2014-2383.
What are the potential impacts of CVE-2014-2383?
The potential impacts of CVE-2014-2383 include unauthorized access to sensitive files on the system, leading to data breaches.

collector/friends-of-php
collector/nvd-index
agent/first-publish-date
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-qr6q-w4gj-3865
alias/CVE-2014-2383
agent/software-canonical-lookup
agent/remedy
agent/references
agent/severity
agent/weakness
agent/softwarecombine
agent/description
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/composer
vendor/dompdf
canonical/dompdf dompdf
version/dompdf dompdf/0.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2014-2383?
CVE-2014-2383 is classified as a medium severity vulnerability due to its potential for arbitrary file read access.
How do I fix CVE-2014-2383?
To fix CVE-2014-2383, upgrade to dompdf version 0.6.1 or later.
What causes the vulnerability in CVE-2014-2383?
CVE-2014-2383 is caused by an issue in dompdf where enabling DOMPDF_ENABLE_PHP allows the use of PHP input wrappers to bypass security protections.
Is my system affected by CVE-2014-2383?
If you are using dompdf versions prior to 0.6.1 with DOMPDF_ENABLE_PHP enabled, your system is at risk from CVE-2014-2383.
What are the potential impacts of CVE-2014-2383?
The potential impacts of CVE-2014-2383 include unauthorized access to sensitive files on the system, leading to data breaches.