CVE-2016-9487 — Vulnetix

CVE-2016-9487 PUBLISHED

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.

EPSS 0.13% · 32.4th percentile

Risk Scores

EPSS Score

0.13%

32.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	epubcheck	4.0.0-2, 4.0.1-1, 4.0.1-2

Exploit Intelligence

VU#779243 (circl)
94864 (circl)

Timeline

Jul 13, 2018 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-9487 third-party-advisory
https://github.com/IDPF/epubcheck/releases/tag/v4.0.2 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-9487 third-party-advisory

Open in Interactive Console →