CVE-2016-2175

Опубликовано: 01 июн. 2016

Источник: debian

EPSS Низкий

Описание

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libpdfbox-java	fixed	1:1.8.12-1		package

Примечания

Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565

EPSS

Процентиль: 85%

0.02515

Низкий

Связанные уязвимости

CVE-2016-2175

CVSS3: 7.8

ubuntu

больше 9 лет назад

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

CVE-2016-2175

CVSS3: 5.4

redhat

больше 9 лет назад

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

CVE-2016-2175

CVSS3: 7.8

nvd

больше 9 лет назад

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

GHSA-4c32-xmgj-2g98

CVSS3: 7.8

github

больше 7 лет назад

High severity vulnerability that affects org.apache.pdfbox:pdfbox

EPSS

Процентиль: 85%

0.02515

Низкий