CVE-2019-0228

Summary

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Affected Software

VendorProductVersion RangeStatus
n/aApache PDFBoxApache PDFBox 2.0.14affected

Weaknesses

  • XML External Entity (XXE) attacks

ADP Enrichment

CVE Program Container

Additional References

References