Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2023-31064 Vulnerability in maven package org.apache.inlong:manager-workflow
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_2.13
CVE-2021-4307 Vulnerability in maven package org.webjars.npm:baobab
CVE-2018-14730 Vulnerability in npm package browserify-hmr
CVE-2020-7773 Vulnerability in npm package markdown-it-highlightjs