Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Android SVG vulnerable to XML External Entity (XXE)

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.

Permalink: https://github.com/advisories/GHSA-g556-x5vx-qh59
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NTYteDV2eC1xaDU5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago


CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-g556-x5vx-qh59, CVE-2017-1000498
References: Repository: https://github.com/BigBadaboom/androidsvg
Blast Radius: 20.7

Affected Packages

maven:com.caverock:androidsvg
Dependent packages: 18
Dependent repositories: 446
Downloads:
Affected Version Ranges: < 1.3
Fixed in: 1.3
All affected versions: 1.0.170, 1.1.182, 1.2.0, 1.2.1
All unaffected versions: