2 matches found
[SECURITY] [DLA 927-1] fop security update
Package : fop Version : 1:1.0.dfsg2-6+deb7u1 CVE ID : CVE-2017-5661 Debian Bug : 860567 In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the use...
CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...