CVE-2023-50262
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 13, 2023
Updated: Dec 19, 2023
CWE ID 674
CWE ID 20
Summary
CVE-2023-50262 is a vulnerability affecting Dompdf, an HTML-to-PDF converter for PHP. Prior to version 2.0.4, Dompdf fails to correctly validate recursive chained SVG references, leading to memory exhaustion or server crashes. When Dompdf is used together with php-svg-lib, the vulnerability allows infinite recursion, causing resource exhaustion when malicious payloads are processed. The exploit relies on chained references between two or more SVG images, potentially leaving the system unable to handle incoming requests. The issue has been addressed in version 2.0.4.
Affected Products
- Dompdf Project Dompdf
Affected Vendors
- Dompdf Project