ICEpdf
  1. ICEpdf
  2. PDF-960

Update batik libraries to 1.6.1 security fix for the XXE vulnerability

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.2
    • Fix Version/s: 6.0.2_P01, 6.1
    • Component/s: Release
    • Labels:
      None
    • Environment:
      any

      Description

      XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

      This shouldn't directly affect the use of ICEpdf and Batik for SVG export but we'll update the jars regardless.

      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250

        Activity

          People

          • Assignee:
            Patrick Corless
            Reporter:
            Patrick Corless
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: