veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-28T13:19:39.906Z
Updated: 2024-08-02T00:48:48.254Z
Reserved: 2024-03-04T14:19:14.059Z
Link: CVE-2024-28109
Vulnrichment
Updated: 2024-08-02T00:48:48.254Z
NVD
Status : Awaiting Analysis
Published: 2024-03-28T14:15:13.863
Modified: 2024-11-21T09:05:50.020
Link: CVE-2024-28109
Redhat
No data.