CVE-2016-2175
Published 2016-06-01
High 7.8 (CVSS 3.0)
AV:L AC:L PR:L UI:N S:U C:H I:H A:H
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | pdfbox | — | — |
| apache | tika | — | — |
| apache | tika | — | — |
| apache | tika | >= 0 < 1.18-1 | 1.18-1 |
| debian | debian_linux | — | — |
| debian | libpdfbox-java | < libpdfbox-java 1:1.8.12-1 (bookworm) | libpdfbox-java 1:1.8.12-1 (bookworm) |
| debian | tika | < tika 1.18-1 (bullseye) | tika 1.18-1 (bullseye) |
CVSS provenance
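| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| ghsa | — | 7.8 | HIGH | — |
| osv | — | 7.8 | HIGH | — |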