CVE-2019-0228 Apache PDFBox XML Parser XML External Entity Vulnerability – 22nd Apr 2019

Preface: We are all familiar with the .doc and .pdf formats. Because this is our choice in the business world.

Synopsis: Apache PDFBox is an open source pure-Java library that can be used to create, render, print, split, merge, alter, verify and extract text and meta-data of PDF files.

Vulnerability details: A vulnerability in Apache PDFBox could allow an unauthenticated, remote attacker to conduct an XML External Entity (XXE) attack on a targeted system. Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a
crafted XFDF.

Remedy: Apache has released software updates at the following link: https://pdfbox.apache.org/download.cgi

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.