Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2023.3495
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-3495-1)
Summary:	The remote host is missing an update for the Debian 'php-dompdf' package(s) announced via the DLA-3495-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php-dompdf' package(s) announced via the DLA-3495-1 advisory. Vulnerability Insight: Multiple vulnerabilies were fixed in php-dompdf a CSS 2.1 compliant HTML to PDF converter, written in PHP. CVE-2021-3838 php-dompdf was vulnerable to deserialization of Untrusted Data using PHAR deserialization (phar://) as url for image. CVE-2022-2400 php-dompdf was vulnerable to External Control of File Name bypassing unallowed access verification. For Debian 10 buster, these problems have been fixed in version 0.6.2+dfsg-3+deb10u1. We recommend that you upgrade your php-dompdf packages. For the detailed security status of php-dompdf please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'php-dompdf' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3838 Common Vulnerability Exposure (CVE) ID: CVE-2022-2400 https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a https://lists.debian.org/debian-lts-announce/2023/07/msg00017.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.