Information on source package php-dompdf

Available versions

ReleaseVersion
jessie0.6.1+dfsg-2+deb8u1
stretch0.6.2+dfsg-3
buster0.6.2+dfsg-3+deb10u2
bullseye0.6.2+dfsg-3.1
bookworm2.0.3+dfsg-1
trixie3.0.0+dfsg-2
sid3.0.0+dfsg-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-50262vulnerablevulnerablefixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedDompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...
CVE-2023-24813vulnerablevulnerablefixedfixedfixedfixedfixedDompdf is an HTML to PDF converter written in php. Due to the differen ...
CVE-2022-28368vulnerablefixedfixedfixedfixedfixedfixedDompdf 1.2.1 allows remote code execution via a .php file in the src:u ...
CVE-2022-2400vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedfixedExternal Control of File Name or Path in GitHub repository dompdf/domp ...
CVE-2021-3902vulnerablevulnerablefixedfixedfixedfixedfixedAn improper restriction of external entities (XXE) vulnerability in do ...
CVE-2021-3838vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedfixedDomPDF before version 2.0.0 is vulnerable to PHAR deserialization due ...

Resolved issues

BugDescription
CVE-2023-23924Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...
CVE-2022-41343registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...
CVE-2022-0085Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ...
CVE-2014-5013DOMPDF before 0.6.2 allows remote code execution, a related issue to C ...
CVE-2014-5012DOMPDF before 0.6.2 allows denial of service.
CVE-2014-5011DOMPDF before 0.6.2 allows Information Disclosure.
CVE-2014-2383dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...
CVE-2010-4879PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 ...

Security announcements

DSA / DLADescription
DLA-3495-2php-dompdf - regression update
DLA-3495-1php-dompdf - security update
Search for package or bug name: Reporting problems