VIR Vulnerability Intelligence Relay

CVE-2021-3838

unknown
Published 2024-11-15 · Modified 2024-11-18
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk

Description

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-3838

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.0.2+dfsg-1
debian debianbullseyefixed0.6.2+dfsg-3.1+deb11u1
debian debiansidfixed2.0.2+dfsg-1

Package impact
EcosystemPackageVulnerableFixed
php Packagistdompdf/dompdf<2.0.02.0.0

References

Verify integrity in audit chain (admin only). AS-IS.