CVE-2021-3838
Publication date 14 February 2023
Last updated 21 November 2024
Dompdf before version 2.0.0 is vulnerable to PHAR deserialization because it does not check the protocol (stream wrapper) of a resource path before passing it to file_get_contents(). An attacker who can upload files of any type to the server can pass in a phar:// path so that the uploaded file is unserialized and arbitrary PHP objects are instantiated. This can lead to remote code execution, especially when Dompdf is used with frameworks that have documented POP chains, such as Laravel, or with vulnerable developer code.
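To make the missing check concrete, the following is an added illustration, not Dompdf's own code or its actual fix: a resource loader that validates the stream-wrapper scheme before calling file_get_contents(), shown beside the unchecked pattern the advisory describes. Function names, paths and the scheme allow-list are hypothetical.

```php
<?php
// Added illustration, not Dompdf's own code: a loader that validates the stream-wrapper
// scheme before file_get_contents(), the check the advisory says was missing before 2.0.0.
// Names, paths and the allow-list are hypothetical.
declare(strict_types=1);
final class UnsafeResourceException extends RuntimeException {}

// Vulnerable pattern: the template-supplied path goes straight to file_get_contents(),
// so every registered wrapper is honoured, including phar://, which makes PHP unserialize.
function loadResourceUnchecked(string $path)
{
    return file_get_contents($path);
}

// Hardened pattern: return a validated target or throw. Only the listed schemes may be
// fetched remotely; anything without a scheme must be a local file under $baseDir.
function resolveResource(string $path, string $baseDir, array $allowedSchemes = ['http', 'https']): string
{
    $scheme = parse_url($path, PHP_URL_SCHEME);
    if (is_string($scheme)) {
        // Wrapper names are case-insensitive (PHAR:// also works), so normalise first.
        if (!in_array(strtolower($scheme), $allowedSchemes, true)) {
            throw new UnsafeResourceException("scheme '{$scheme}' is not permitted");
        }
        return $path;
    }
    // No scheme: confine to $baseDir. realpath() resolves symlinks and "../" before
    // the prefix test, so traversal cannot slip past it.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $path);
    if ($base === false || $real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new UnsafeResourceException("path '{$path}' is outside the asset directory");
    }
    return $real;
}

// Constructed inputs, as an HTML template might reference them in an <img src>.
// The value returned by resolveResource() is what should reach file_get_contents().
$candidates = ['phar://uploads/avatar.jpg/x.png', 'PHAR://uploads/avatar.jpg',
               'https://example.com/logo.png', '../../etc/passwd'];
foreach ($candidates as $candidate) {
    try {
        resolveResource($candidate, __DIR__);
        echo "allowed: {$candidate}\n";
    } catch (UnsafeResourceException $e) {
        echo "blocked: {$candidate} ({$e->getMessage()})\n";
    }
}
```

Note that the allow-list also rejects data: URIs and any other wrapper the application has not explicitly opted into; widen it only for schemes the document renderer genuinely needs.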
Status
Package | Ubuntu Release | Status |
---|---|---|
php-dompdf | 22.04 LTS jammy | Fixed 0.6.2+dfsg-3.1ubuntu0.1 |
php-dompdf | 20.04 LTS focal | Fixed 0.6.2+dfsg-3ubuntu0.20.04.1 |
php-dompdf | 18.04 LTS bionic | Fixed 0.6.2+dfsg-3ubuntu0.18.04.1~esm1 |
php-dompdf | 16.04 LTS xenial | Fixed 0.6.1+dfsg-2ubuntu1+esm1 |
php-dompdf | 14.04 LTS trusty | Ignored (end of standard support) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 · Critical |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality impact | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6277-1: Dompdf vulnerabilities (8 August 2023)
- USN-6277-2: Dompdf vulnerabilities (10 August 2023)