https://bugzilla.redhat.com/show_bug.cgi?id=1699740
Bug ID: 1699740
Summary: CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190412,reported=20190412,source=oss-security,cvss3=5.9/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-611,fedora-all/pdfbox=affected,fsw-6/pdfbox=affected,fuse-6/pdfox=affected,fuse-7/pdfbox=affected
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aileenc(a)redhat.com, chazlett(a)redhat.com,
gvarsami(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jochrist(a)redhat.com,
kconner(a)redhat.com, ldimaggi(a)redhat.com,
nwallace(a)redhat.com, puntogil(a)libero.it,
rwagner(a)redhat.com, tcunning(a)redhat.com,
tkirby(a)redhat.com
Target Milestone: ---
Classification: Other
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows
context-dependent attackers to conduct XML External Entity (XXE) attacks via a
crafted XFDF.
Reference:
https://www.openwall.com/lists/oss-security/2019/04/12/1