Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2020-7720 Vulnerability in npm package node-forge
CVE-2018-20821 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2017-16131 Vulnerability in npm package unicorn-list
CVE-2020-7661 Vulnerability in npm package url-regex
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core