CVE-2015-0250

2015-03-2417:59:00

Debian Security Bug Tracker

security-tracker.debian.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

OSVersionArchitecturePackageVersionFilename
Debian12allbatik< 1.7+dfsg-5batik_1.7+dfsg-5_all.deb
Debian11allbatik< 1.7+dfsg-5batik_1.7+dfsg-5_all.deb
Debian10allbatik< 1.7+dfsg-5batik_1.7+dfsg-5_all.deb
Debian999allbatik< 1.7+dfsg-5batik_1.7+dfsg-5_all.deb
Debian13allbatik< 1.7+dfsg-5batik_1.7+dfsg-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	batik	< 1.7+dfsg-5	batik_1.7+dfsg-5_all.deb
Debian	11	all	batik	< 1.7+dfsg-5	batik_1.7+dfsg-5_all.deb
Debian	10	all	batik	< 1.7+dfsg-5	batik_1.7+dfsg-5_all.deb
Debian	999	all	batik	< 1.7+dfsg-5	batik_1.7+dfsg-5_all.deb
Debian	13	all	batik	< 1.7+dfsg-5	batik_1.7+dfsg-5_all.deb