Description

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Remediation

References

https://github.com/BigBadaboom/androidsvg/issues/122

Related Vulnerabilities

CVE-2019-5432 Vulnerability in npm package mqtt-packet

CVE-2019-1003051 Vulnerability in maven package org.jvnet.hudson.plugins:ircbot

CVE-2019-10412 Vulnerability in maven package com.inedo.proget:inedo-proget

CVE-2022-25644 Vulnerability in npm package @pendo324/get-process-by-name

CVE-2020-1695 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs-all

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory