Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2023-32992 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-30525 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2023-46655 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2019-16303 Vulnerability in npm package generator-jhipster-kotlin