Apache PDFBox parses different XML data within PDF files, such as XMP, and the initialization of the XML parsers did not protect against XML External Entity (XXE) vulnerabilities.

References: http://seclists.org/oss-sec/2016/q2/419
Created pdfbox tracking bugs for this issue: Affects: fedora-all [bug 1340397]
pdfbox-1.8.8-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
pdfbox-1.8.11-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat JBoss Fuse/A-MQ 6.3 Rollup 1 Via RHSA-2017:0179 https://rhn.redhat.com/errata/RHSA-2017-0179.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.4.1 Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.4.1 Via RHSA-2017:0248 https://rhn.redhat.com/errata/RHSA-2017-0248.html
This issue has been addressed in the following products: Red Hat JBoss Data Virtualization 6.3 Update 4 Via RHSA-2017:0272 https://rhn.redhat.com/errata/RHSA-2017-0272.html