CVE-2015-0250: Improper Input Validation in Apache Batik
(updated )
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
References
- advisories.mageia.org/MGASA-2015-0138.html
- packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
- rhn.redhat.com/errata/RHSA-2016-0041.html
- rhn.redhat.com/errata/RHSA-2016-0042.html
- seclists.org/fulldisclosure/2015/Mar/142
- www-01.ibm.com/support/docview.wss?uid=swg21963275
- www.debian.org/security/2015/dsa-3205
- www.mandriva.com/security/advisories?name=MDVSA-2015:203
- www.securitytracker.com/id/1032781
- www.ubuntu.com/usn/USN-2548-1
- xmlgraphics.apache.org/security.html
- github.com/advisories/GHSA-wfw6-mmmp-87xm
- nvd.nist.gov/vuln/detail/CVE-2015-0250
Detect and mitigate CVE-2015-0250 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →