CVE-2016-2175

Published on: 06/01/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Pdfbox from Apache contain the following vulnerability:

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

  • CVE-2016-2175 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • MLIST [tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ... (Pony Mail, lists.apache.org)
  • BUGTRAQ 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (SecurityFocus, www.securityfocus.com)
  • DEBIAN DSA-3606 - Debian Security Information: DSA-3606-1 libpdfbox-java (Third Party Advisory; www.debian.org)
  • BID 90902 - Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability (cve.report archive)
  • REDHAT RHSA-2017:0248 (Red Hat Customer Portal; web.archive.org)
  • CONFIRM svn.apache.org/viewvc?view=revision&revision=1739565 - [Apache-SVN] Revision 1739565 (Patch; Vendor Advisory)
  • MISC packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html - Apache PDFBox 1.8.11 / 2.0.0 / XML Injection (Packet Storm)
  • REDHAT RHSA-2017:0272 (Red Hat Customer Portal; web.archive.org)
  • REDHAT RHSA-2017:0249 (Red Hat Customer Portal; web.archive.org)
  • CONFIRM svn.apache.org/viewvc?view=revision&revision=1739564 - [Apache-SVN] Revision 1739564 (Patch; Vendor Advisory)
  • MLIST [www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (Mailing List; mail-archives.us.apache.org)
  • REDHAT RHSA-2017:0179 (Red Hat Customer Portal; web.archive.org)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Apache | Pdfbox | 1.8.0 | All | All | All
Application | Apache | Pdfbox | 1.8.1 | All | All | All
Application | Apache | Pdfbox | 1.8.2 | All | All | All
Application | Apache | Pdfbox | 1.8.3 | All | All | All
Application | Apache | Pdfbox | 1.8.4 | All | All | All
Application | Apache | Pdfbox | 1.8.5 | All | All | All
Application | Apache | Pdfbox | 1.8.6 | All | All | All
Application | Apache | Pdfbox | 1.8.7 | All | All | All
Application | Apache | Pdfbox | 1.8.8 | All | All | All
Application | Apache | Pdfbox | 1.8.9 | All | All | All
Application | Apache | Pdfbox | 1.8.10 | All | All | All
Application | Apache | Pdfbox | 1.8.11 | All | All | All
Application | Apache | Pdfbox | 2.0 | All | All | All
Application | Apache | Pdfbox | 2.0 | rc1 | All | All
Application | Apache | Pdfbox | 2.0 | rc2 | All | All
Application | Apache | Pdfbox | 2.0 | rc3 | All | All
Operating System | Debian | Debian Linux | 8.0 | All | All | All
  • cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*: