ICEpdf / PDF-960

Update batik libraries to 1.6.1 security fix for the XXE vulnerability

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.2
    • Fix Version/s: 6.0.2_P01, 6.1
    • Component/s: Release
    • Labels:
      None
    • Environment:
      any

      Description

      XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

      This shouldn't directly affect the use of ICEpdf and Batik for SVG export but we'll update the jars regardless.

      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250

        People

        • Assignee:
          Patrick Corless
        • Reporter:
          Patrick Corless
        • Votes:
          0
        • Watchers:
          1