{"id":"CVE-2022-28368","details":"Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).","aliases":["GHSA-x752-qjv4-c4hc"],"modified":"2026-04-12T05:04:59.792903Z","published":"2022-04-03T03:15:08.117Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/171738/Dompdf-1.2.1-Remote-Code-Execution.html"},{"type":"ADVISORY","url":"https://github.com/snyk-labs/php-goof"},{"type":"ADVISORY","url":"https://packagist.org/packages/dompdf/dompdf#v1.2.1"},{"type":"FIX","url":"https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d"},{"type":"FIX","url":"https://github.com/dompdf/dompdf/issues/2598"},{"type":"FIX","url":"https://github.com/dompdf/dompdf/pull/2808"},{"type":"EVIDENCE","url":"https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dompdf/dompdf","events":[{"introduced":"0"},{"fixed":"c6dfd9bb8b0040609f04754f729d4cb3016e0575"},{"fixed":"4c70e1025bcd9b7694b95dd552499bd83cd6141d"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.2.1"}],"cpe":"cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*"}}],"versions":["v0.6.0","v0.6.0-b3","v0.6.1","v0.6.2","v0.7.0","v0.7.0-beta3","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.1.1","v1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28368.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}