8 matches found
veraPDF-library 代码问题漏洞
veraPDF-library is veraPDF open source an open source PDF/A validation library . A code issue vulnerability exists in veraPDF-library, which stems from the fact that using a custom schematron file enforcement policy check via the CLI invokes an XSL transformation, which could theoretically lead t...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109
CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
PT-2024-22267 · Unknown · Verapdf-Library
Name of the Vulnerable Software and Affected Versions: veraPDF-library versions prior to 1.24.2 Description: The veraPDF-library, a PDF/A validation library, has a remote code execution RCE vulnerability when executing policy checks using custom schematron files. This invokes an XSL transformatio...
veraPDF-library 安全漏洞
veraPDF-library is veraPDF open source an open source PDF/A validation library . A security vulnerability exists in veraPDF-library. Attackers can use the vulnerability to remotely execute code...