CVE-2017-1000498: Improper Restriction of XML External Entity Reference

October 19, 2018 (updated September 10, 2021)

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

References

github.com/BigBadaboom/androidsvg/issues/122
github.com/advisories/GHSA-g556-x5vx-qh59
nvd.nist.gov/vuln/detail/CVE-2017-1000498

Detect and mitigate CVE-2017-1000498 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →