CVE-2019-12154

2019-06-1120:35:34

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.

References

blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html

www.pdfreactor.com/important-pdfreactor-security-advisory/

www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/