CVE-2016-9487

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
13/07/2018
Last modified:
09/10/2019

Description

EpubCheck 4.0.1 does not properly restrict the resolution of external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or to have the victim execute arbitrary requests on the attacker's behalf, abusing the victim's trust relationship with other entities.
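A pre-validation screen for the condition described above, as an added example that is not part of this advisory or of EpubCheck: it lists external entity declarations found in the XML members of an EPUB archive before the file reaches a validator. The suffix list, function names and sample documents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed list of XML-based resource suffixes found in EPUB containers.
XML_SUFFIXES = (".xml", ".opf", ".ncx", ".xhtml", ".html", ".svg", ".smil")

# General or parameter entity declared with an external identifier.
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+(?:%\s+)?([^\s>]+)\s+(?:SYSTEM|PUBLIC)\b")


def decode_xml(data: bytes) -> str:
    """Decode by BOM so UTF-16 documents cannot hide declarations from the regex."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def find_external_entities(epub_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, entity name) for each external entity declaration."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(epub_bytes)) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            text = decode_xml(archive.read(info))
            for match in EXTERNAL_ENTITY.finditer(text):
                findings.append((info.filename, match.group(1)))
    return findings


def build_sample(opf: bytes) -> bytes:
    """Constructed minimal EPUB-like archive for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("mimetype", "application/epub+zip")
        archive.writestr("OEBPS/content.opf", opf)
    return buf.getvalue()


# Constructed inputs: a clean package document and one declaring an external entity.
CLEAN_OPF = b'<?xml version="1.0"?><package xmlns="http://www.idpf.org/2007/opf"/>'
FLAGGED_OPF = (b'<?xml version="1.0"?><!DOCTYPE package ['
               b'<!ENTITY ext SYSTEM "file:///placeholder/constructed">]>'
               b'<package xmlns="http://www.idpf.org/2007/opf">&ext;</package>')

if __name__ == "__main__":
    for label, opf in (("clean", CLEAN_OPF), ("flagged", FLAGGED_OPF)):
        print(label, find_external_entities(build_sample(opf)))
```

This screen only flags declarations in the archive's own XML members; it complements, and does not replace, a parser configured to refuse external entities.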

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:w3:epubcheck:4.0.1:*:*:*:*:*:*:*