8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-1000005

GHSA ID

GHSA-3cwc-m7c2-qr86

EPSS Score

0.60178%

CWE

CWE-502

Published

5/14/2022

Updated

9/28/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-1000005

CVE-2019-1000005: mPDF Unsafe Deserialization

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-1000005

GHSA ID

GHSA-3cwc-m7c2-qr86

EPSS Score

0.60178%

CWE

CWE-502

Published

5/14/2022

Updated

9/28/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mpdf/mpdf	composer	<= 7.1.7	7.1.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly identifies getImage() in ImageProcessor as the entry point. The GitHub issue #949 confirms the vulnerable pattern: passing user-controlled src attributes to fopen() (L215 in ImageProcessor.php). PHAR deserialization occurs automatically when accessing files via phar:// wrapper, making this a direct vector for CWE-502. The attack vector requires exactly this function to process malicious img tags, and the patch likely adds protocol validation before file operations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

mP** v*rsion *.*.* *n* **rli*r *ont*ins * *W*-***: **s*ri*liz*tion o* Untrust** **t* vuln*r**ility in **tIm***() m*t*o* o* Im***/Im***Pro**ssor *l*ss t**t **n r*sult in *r*itry *o** *x**ution, *il* writ*, *t*.. T*is *tt**k *pp**rs to ** *xploit**l* v

Reasoning

T** vuln*r**ility **s*ription *xpli*itly i**nti*i*s `**tIm***()` in `Im***Pro**ssor` *s t** *ntry point. T** *it*u* issu* #*** *on*irms t** vuln*r**l* p*tt*rn: p*ssin* us*r-*ontroll** sr* *ttri*ut*s to `*op*n()` (L*** in `Im***Pro**ssor.p*p`). P**R *

8.8

Basic Information

Concerned about an active attack path?

CVE-2019-1000005: mPDF Unsafe Deserialization

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI