DescriptionDhananjay Arunesh
2019-04-15 06:49:28 UTC
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Reference:
https://www.openwall.com/lists/oss-security/2019/04/12/1
Comment 1Dhananjay Arunesh
2019-04-15 06:52:39 UTC
Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1699742]