Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2021-23358 Vulnerability in maven package org.webjars.npm:underscore
CVE-2023-37899 Vulnerability in npm package @feathersjs/transport-commons
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service-api
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r4b
CVE-2023-26476 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui