PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.