ICEpdf

Update batik libraries to 1.6.1 security fix for the XXE vulnerability

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.2
    • Fix Version/s: 6.0.2_P01, 6.1
    • Component/s: Release
    • Labels:
      None
    • Environment:
      any

      Description

      XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

      This shouldn't directly affect the use of ICEpdf and Batik for SVG export but we'll update the jars regardless.

      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250

        Activity

        Patrick Corless made changes -
        Status: Resolved [ 5 ] -> Closed [ 6 ]
        Patrick Corless made changes -
        Fix Version/s: 6.0.2_P01 [ 12973 ]
        Patrick Corless made changes -
        Status: Open [ 1 ] -> Resolved [ 5 ]
        Resolution: Fixed [ 1 ]
        Patrick Corless added a comment -

        Marking as fixed.

        Repository: ICEsoft Public SVN Repository
        Revision: #46964
        Date: Tue Jan 12 09:17:40 MST 2016
        User: patrick.corless
        Message: PDF-960 updated Batik jars from 1.6 to 1.6.1
        Files Changed:
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-svg-dom.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-util.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-svggen.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-xml.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-dom.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/batik-awt-util.jar
        MODIFY /icepdf/branches/icepdf-6.0.0_P01/icepdf/lib/versions-licenses.html

        Repository: ICEsoft Public SVN Repository
        Revision: #46963
        Date: Tue Jan 12 09:17:25 MST 2016
        User: patrick.corless
        Message: PDF-960 updated Batik jars from 1.6 to 1.6.1
        Files Changed:
        MODIFY /icepdf/trunk/icepdf/lib/batik-svg-dom.jar
        MODIFY /icepdf/trunk/icepdf/lib/batik-xml.jar
        MODIFY /icepdf/trunk/icepdf/lib/batik-awt-util.jar
        MODIFY /icepdf/trunk/icepdf/lib/batik-dom.jar
        MODIFY /icepdf/trunk/icepdf/lib/batik-svggen.jar
        MODIFY /icepdf/trunk/icepdf/lib/batik-util.jar
        Patrick Corless made changes -
        Field Original Value New Value
        Fix Version/s 6.1 [ 12070 ]
        Patrick Corless created issue -

          People

          • Assignee:
            Patrick Corless
            Reporter:
            Patrick Corless
          • Votes:
            0
            Watchers:
            1

            Dates

            • Created:
              Updated:
              Resolved: