Moderate severityNVD Advisory· Published Apr 28, 2014· Updated Jun 17, 2026
CVE-2014-2383
CVE-2014-2383
Description
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dompdf/dompdfPackagist | >= 0.6.0, < 0.6.1 | 0.6.1 |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028nvdPatchThird Party AdvisoryWEB
- seclists.org/fulldisclosure/2014/Apr/258nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/archive/1/531912/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-qr6q-w4gj-3865ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-2383ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2014-2383.yamlghsaWEB
- web.archive.org/web/20151215023329/http://www.securityfocus.com/archive/1/531912/100/0/threadedghsaWEB
- www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/nvdBroken Link
- explore.avertium.com/resource/lfi-rfi-escalation-to-rcenvd
News mentions
0No linked articles in our index yet.