Candidate: CVE-2016-2175
PublicDate: 2016-06-01 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2175
 http://seclists.org/oss-sec/2016/q2/419
Description:
 Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly
 initialize the XML parsers, which allows context-dependent attackers to
 conduct XML External Entity (XXE) attacks via a crafted PDF.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_libpdfbox-java:
 upstream: https://svn.apache.org/viewvc?view=revision&revision=1739564
upstream_libpdfbox-java: released (1.8.12)
precise_libpdfbox-java: ignored (reached end-of-life)
precise/esm_libpdfbox-java: DNE (precise was needs-triage)
trusty_libpdfbox-java: ignored (reached end-of-life)
trusty/esm_libpdfbox-java: DNE (trusty was needed)
vivid/stable-phone-overlay_libpdfbox-java: DNE
vivid/ubuntu-core_libpdfbox-java: DNE
wily_libpdfbox-java: released (1:1.8.7+dfsg-1+deb8u1build0.15.10.1)
xenial_libpdfbox-java: ignored (end of standard support, was needed)
yakkety_libpdfbox-java: not-affected (1:1.8.12-1)
zesty_libpdfbox-java: not-affected (1:1.8.12-1)
artful_libpdfbox-java: not-affected (1:1.8.12-1)
bionic_libpdfbox-java: not-affected (1:1.8.12-1)
cosmic_libpdfbox-java: not-affected (1:1.8.12-1)
disco_libpdfbox-java: not-affected (1:1.8.12-1)
eoan_libpdfbox-java: not-affected (1:1.8.12-1)
focal_libpdfbox-java: not-affected (1:1.8.12-1)
groovy_libpdfbox-java: not-affected (1:1.8.12-1)
hirsute_libpdfbox-java: not-affected (1:1.8.12-1)
impish_libpdfbox-java: not-affected (1:1.8.12-1)
jammy_libpdfbox-java: not-affected (1:1.8.12-1)
devel_libpdfbox-java: not-affected (1:1.8.12-1)