Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2023-35159 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2020-36649 Vulnerability in maven package org.webjars.bower:papaparse
CVE-2015-2080 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all
CVE-2017-16008 Vulnerability in maven package org.webjars:i18next
CVE-2023-43668 Vulnerability in maven package org.apache.inlong:manager-pojo