EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2024-08-06T02:50:38.360Z
Reserved: 2016-11-21T00:00:00
Link: CVE-2016-9487
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-13T20:29:01.520
Modified: 2024-11-21T03:01:18.603
Link: CVE-2016-9487
Redhat
No data.