[PDF-960] Update batik libraries to 1.6.1 security fix for the XXE vulnerability - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.0.2
Fix Version/s: 6.0.2_P01, 6.1
Component/s: Release
Labels:
None
Environment:
any

Description

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

This shouldn't directly affect the use of ICEpdf and Batik for SVG export but we'll update the jars regardless.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250

Activity

All
Comments
History
Activity
Remote Attachments
Subversion

Hide

Permalink

Patrick Corless added a comment - 12/Jan/16 9:59 AM

Marking as fixed.

Show

Patrick Corless added a comment - 12/Jan/16 9:59 AM Marking as fixed.

People

Assignee:

Patrick Corless

Reporter:

Patrick Corless

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

12/Jan/16 9:07 AM

Updated:

25/Jan/18 12:58 PM

Resolved:

12/Jan/16 9:59 AM