Advisories ยป MGASA-2016-0253

Updated pdfbox packages fix security vulnerability

Publication date: 14 Jul 2016
Modification date: 14 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2175

Description

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers,
which allows context-dependent attackers to conduct XML External Entity
(XXE) attacks via a crafted PDF (CVE-2016-2175).

References

SRPMS

5/core