CVE-2023-24813 : Security Advisory and Response

This CVE involves a URI validation failure on SVG parsing in Dompdf, leading to a bypass of CVE-2023-23924, with critical severity.

Understanding CVE-2023-24813

This vulnerability in Dompdf, an HTML to PDF converter written in PHP, allows attackers to call arbitrary URLs with arbitrary protocols through SVG files.

What is CVE-2023-24813?

Dompdf and php-svg-lib differ in their attribute parsing mechanisms. Attackers can exploit this disparity to bypass Dompdf's protection by providing an empty

xlink:href

attribute in an SVG file. This can lead to arbitrary remote code execution and arbitrary file deletion in PHP versions before 8.0.0.

The Impact of CVE-2023-24813

The impact of this vulnerability is critical, with a CVSS v3.1 base score of 10. It poses a high risk to confidentiality, integrity, and availability as attackers can execute arbitrary code and delete files.

Technical Details of CVE-2023-24813

This section delves into the specifics of the vulnerability, including its description, affected systems, versions, and exploitation mechanism.

Vulnerability Description

The vulnerability arises from the parsing differences between Dompdf and php-svg-lib, allowing attackers to manipulate attribute parsing to call arbitrary URLs with arbitrary protocols and potentially execute remote code.

Affected Systems and Versions

The vulnerability affects the Dompdf PHP library in version 2.0.2. Users are advised to upgrade to version 2.0.3, where a patch for this vulnerability has been included.

Exploitation Mechanism

Attackers can exploit this vulnerability by providing an SVG file with crafted attributes, taking advantage of the parsing inconsistencies between Dompdf and php-svg-lib to bypass URI validation and execute arbitrary code.

Mitigation and Prevention

To safeguard against CVE-2023-24813 and prevent potential exploitation, immediate steps and long-term security practices are advised along with prompt patching and updates.

Immediate Steps to Take

Users should upgrade Dompdf to version 2.0.3 to mitigate the vulnerability effectively. Additionally, limiting access to vulnerable systems and monitoring for suspicious activities can help prevent exploitation.

Long-Term Security Practices

In the long term, maintaining up-to-date software versions, implementing secure coding practices, and conducting regular security assessments can enhance overall security posture and prevent similar vulnerabilities.

Patching and Updates

Regularly applying security patches and updates provided by software vendors is crucial to address known vulnerabilities and protect systems from potential exploits associated with CVE-2023-24813.