Description
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| tuxguitar | fixed | 1.5.6+dfsg1-7 | | package |
| tuxguitar | ignored | | bookworm | package |
| tuxguitar | no-dsa | | bullseye | package |
| tuxguitar | no-dsa | | buster | package |
| tuxguitar | no-dsa | | stretch | package |
| tuxguitar | no-dsa | | jessie | package |
Notes
https://logicaltrust.net/blog/2020/06/tuxguitar.html
https://sourceforge.net/p/tuxguitar/bugs/126/
Fixed by: https://github.com/helge17/tuxguitar/commit/bcaa280e93b0d67dc6f903b6e23a051a7894ba0c