CVE-2017-1000498 – com.caverock:androidsvg
Package
Manager: maven
Name: com.caverock:androidsvg
Vulnerable Version: >=0 <1.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.01193 (percentile: 0.78071)
Details
Android SVG vulnerable to XML External Entity (XXE)
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
Metadata
Created: 2018-10-19T16:50:33Z
Modified: 2022-09-14T19:15:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-g556-x5vx-qh59/GHSA-g556-x5vx-qh59.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-g556-x5vx-qh59
Finding: F083
Auto approve: 1