CVE-2015-0250

Priority
Description
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG
conversion classes in Apache Batik 1.x before 1.8 allows remote attackers
to read arbitrary files or cause a denial of service via a crafted SVG
file.
Assigned-to
mdeslaur
Notes
Package
Source: batik (LP Ubuntu Debian)
Upstream:released (1.7+dfsg-5)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.7.ubuntu-8ubuntu2.14.04.1])
Patches:
Upstream:https://svn.apache.org/viewvc?diff_format=h&view=revision&revision=1664335
More Information

Updated: 2019-12-05 18:39:25 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)