Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Reference: https://www.openwall.com/lists/oss-security/2019/04/12/1
Created pdfbox tracking bugs for this issue:

Affects: fedora-all [bug 1699742]
This vulnerability is out of security support scope for the following products:

* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0228