CVE-2016-9487 in EpubCheckinformation

Résumé

par MITRE

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Réserver

21/11/2016

Divulgation

13/07/2018

Modérer

accepté

Entrée

VDB-121456

CPE

prêt

CWE

CWE-611 (confirmé)

CVSS

7.8 (NVD)

EPSS

0.00133

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9487
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9487
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9487/

◂ Précédent Aperçu Suivant ▸

Do you know our Splunk app?

Download it now for free!