EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/779243 | Third Party Advisory US Government Resource |
https://www.securityfocus.com/bid/94864/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2018-07-13T19:57:01
Reserved: 2016-11-21T00:00:00
Link: CVE-2016-9487
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-13T20:29:01.520
Modified: 2019-10-09T23:20:31.523
Link: CVE-2016-9487
JSON object: View
Redhat Information
No data.
CWE