CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt