CVE-2023-23924 CRITICAL

CVE-2023-23924: URI validation failure on SVG parsing in Dompdf

Vendor Dompdf
Product dompdf
Weakness CWE-551
Published January 31, 2023
Last update March 10, 2025
View on NVD All CVEs

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

What the vulnerability does

01Description

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.

Key dates

02Disclosure timeline

January 31, 2023 CVE published
March 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-4636 Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources. CVE-2021-32779 Incorrectly handling of URI '#fragment' element as part of the path element CVE-2016-20030 ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction CVE-2026-0707 Keycloak: keycloak authorization header parsing leading to potential security control bypass CVE-2021-32777 Incorrect concatenation of multiple value request headers in ext-authz extension