Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Remediation
References
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://xmlgraphics.apache.org/security.html
Related Vulnerabilities
CVE-2022-25844 Vulnerability in npm package angular
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack
CVE-2020-28429 Vulnerability in npm package geojson2kml
CVE-2022-21724 Vulnerability in maven package org.postgresql:postgresql
CVE-2018-17785 Vulnerability in maven package cc.blynk.server.api.core:http-core