- Vulnerability/
- USN-6277-1
USN-6277-1: Dompdf vulnerabilities
First published: Tue Aug 08 2023(Updated: )
It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013) It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-3838) It was discovered that Dompdf was not properly validating processed HTML content that referenced both a remote base and a local file, which could result in the bypass of a chroot check. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-2400)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/php-dompdf | <0.6.2+dfsg-3ubuntu0.20.04.1 | 0.6.2+dfsg-3ubuntu0.20.04.1 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php-dompdf | <0.6.2+dfsg-3ubuntu0.18.04.1~esm1 | 0.6.2+dfsg-3ubuntu0.18.04.1~esm1 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php-dompdf | <0.6.1+dfsg-2ubuntu1+esm1 | 0.6.1+dfsg-2ubuntu1+esm1 |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2014-5011
- https://ubuntu.com/security/CVE-2014-5013
- https://ubuntu.com/security/CVE-2022-2400
- https://ubuntu.com/security/CVE-2021-3838
- https://ubuntu.com/security/CVE-2014-5012
- https://ubuntu.com/security/notices/USN-6277-2
- https://launchpad.net/ubuntu/+source/php-dompdf/0.6.2+dfsg-3ubuntu0.20.04.1
- https://ubuntu.com/security/notices/USN-6277-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for the Dompdf vulnerabilities?
The vulnerability ID for the Dompdf vulnerabilities is CVE-2014-5011, CVE-2014-5013, CVE-2022-2400.
What is the affected software for the Dompdf vulnerabilities?
The affected software for the Dompdf vulnerabilities is php-dompdf.
Which Ubuntu versions are affected by the Dompdf vulnerabilities?
The Dompdf vulnerabilities only affect Ubuntu 16.04 LTS, 18.04, and 20.04.
What is the recommended remedy version for the Dompdf vulnerabilities on Ubuntu 20.04?
The recommended remedy version for the Dompdf vulnerabilities on Ubuntu 20.04 is 0.6.2+dfsg-3ubuntu0.20.04.1.
Where can I find more information about the Dompdf vulnerabilities?
You can find more information about the Dompdf vulnerabilities on the Ubuntu Security Notices website.
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-6277-2
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/16.04