CVE-2019-0228 Apache PDFBox XML Parser XML External Entity Vulnerability – 22nd Apr 2019

Preface: Everyone is familiar with the .doc and .pdf formats, because they are the document formats of choice in the business world.

Synopsis: Apache PDFBox is an open source pure-Java library that can be used to create, render, print, split, merge, alter, verify and extract text and meta-data of PDF files.

Vulnerability details: A vulnerability in Apache PDFBox could allow an unauthenticated, remote attacker to conduct an XML External Entity (XXE) attack on a targeted system. Apache PDFBox 2.0.14 does not properly initialize the XML parser it uses to read XFDF (XML Forms Data Format) input: the parser is created with its default settings, which accept a DOCTYPE and resolve external entities. An attacker who can get a crafted XFDF file processed by the library (for example, form data imported into a PDF by a server-side application) can therefore declare an entity that points at a local file or an internal URL, and the parser will read that resource and place its contents into the form data, or make the outbound request, on the attacker's behalf. The attack is context-dependent in that it requires an application path that parses attacker-supplied XFDF; no authentication to PDFBox itself is involved.
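To make the "not properly initialized XML parser" concrete, the following added example (written for this page, not code from the PDFBox project) parses a constructed XFDF document with a plain JAXP DocumentBuilderFactory, first with the defaults a careless caller would get and then with the hardening features that block XXE. The XFDF payload, the class and method names, and the file path file:///etc/hostname (assumes a Linux host) are all assumptions made for the illustration; the feature URIs are the standard Xerces/JAXP ones supported by the JDK's built-in parser.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXParseException;

public class XfdfXxeDemo {

    // Constructed XFDF payload (not a real captured sample). The DTD declares an
    // external entity that reads a local file; the form field value expands it.
    static final String XFDF_PAYLOAD =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE xfdf [\n"
      + "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n"   // assumed Linux path
      + "]>\n"
      + "<xfdf xmlns=\"http://ns.adobe.com/xfdf/\" xml:space=\"preserve\">\n"
      + "  <fields>\n"
      + "    <field name=\"comment\"><value>&xxe;</value></field>\n"
      + "  </fields>\n"
      + "</xfdf>\n";

    /** The 'before': a factory with default settings, as an unhardened caller would use it. */
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** The 'after': a factory that rejects the DOCTYPE and never touches external resources. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Strongest single fix: an XFDF file never needs a DOCTYPE, so refuse it outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case a different parser implementation ignores the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Parse the XFDF and return the text of the first <value> element (the imported field value). */
    static String firstFieldValue(DocumentBuilder db, String xml) throws Exception {
        Document doc = db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList values = doc.getElementsByTagName("value");
        return values.getLength() == 0 ? "" : values.item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Unhardened: the parser opens file:///etc/hostname and the "form value"
        // silently becomes that file's contents, which is the XXE data leak.
        try {
            System.out.println("unsafe  : " + firstFieldValue(unsafeBuilder(), XFDF_PAYLOAD));
        } catch (Exception e) {
            System.out.println("unsafe  : parse failed -> " + e);
        }
        // Hardened: parsing stops at the DOCTYPE, before any entity can be resolved.
        try {
            System.out.println("hardened: " + firstFieldValue(hardenedBuilder(), XFDF_PAYLOAD));
        } catch (SAXParseException e) {
            System.out.println("hardened: rejected -> " + e.getMessage());
        }
    }
}
```

The same payload shape is the quickest way to check whether any XFDF-importing code path in your own application is exposed: point the entity at a file you control on the host, import the XFDF, and see whether its contents turn up in the resulting field value. Rejecting the DOCTYPE is preferable to only disabling entity expansion, because it also shuts out billion-laughs style entity expansion and external DTD fetches in one setting.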

Remedy: Apache has released fixed versions; download the current release from https://pdfbox.apache.org/download.cgi and confirm that the PDFBox jar actually on your classpath (including any copy bundled by a third-party dependency) is no longer 2.0.14. Until the upgrade is in place, do not import XFDF from untrusted sources.