Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NTYteDV2eC1xaDU5

Android SVG vulnerable to XML External Entity (XXE)

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Permalink: https://github.com/advisories/GHSA-g556-x5vx-qh59
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NTYteDV2eC1xaDU5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago


CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-g556-x5vx-qh59, CVE-2017-1000498
References: Repository: https://github.com/BigBadaboom/androidsvg
Blast Radius: 20.7

Affected Packages

maven:com.caverock:androidsvg
Dependent packages: 18
Dependent repositories: 446
Downloads:
Affected Version Ranges: < 1.3
Fixed in: 1.3
All affected versions: 1.0.170, 1.1.182, 1.2.0, 1.2.1
All unaffected versions: