Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-06-01 20:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-2175
Mitre link : CVE-2016-2175
CVE.ORG link : CVE-2016-2175
JSON object : View
Products Affected
apache
- pdfbox
debian
- debian_linux
CWE