CVE-2015-0250 – org.apache.xmlgraphics:batik
Package
Manager: maven
Name: org.apache.xmlgraphics:batik
Vulnerable Version: >=1.0 <1.8
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01042 (percentile: 0.76624)
Details
Improper Input Validation in Apache Batik
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Metadata
Created: 2022-05-17T00:28:34Z
Modified: 2022-07-06T20:29:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wfw6-mmmp-87xm/GHSA-wfw6-mmmp-87xm.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-wfw6-mmmp-87xm
Finding: F184
Auto approve: 1