CVE-2016-2175

Published: Jun 1, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2017:0179

vendor-advisory

x_refsource_REDHAT

http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html

x_refsource_MISC

[www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability

mailing-list

x_refsource_MLIST

DSA-3606

vendor-advisory

x_refsource_DEBIAN

20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability

mailing-list

x_refsource_BUGTRAQ

http://svn.apache.org/viewvc?view=revision&revision=1739564

x_refsource_CONFIRM

90902

vdb-entry

x_refsource_BID

http://svn.apache.org/viewvc?view=revision&revision=1739565

x_refsource_CONFIRM

RHSA-2017:0272

vendor-advisory

x_refsource_REDHAT

RHSA-2017:0248

vendor-advisory

x_refsource_REDHAT

RHSA-2017:0249

vendor-advisory

x_refsource_REDHAT

[tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ...

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2175

Description

Affected Products

References