GCVE-VVD-MAGEIA-2016-253

Advisory Published

Vulnetix · Advisory published July 14, 2016

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF (CVE-2016-2175).

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	pdfbox	0 (affected), 1.8.7-1.1.mga5 (unaffected)	—

Aliases

CVE-2016-2175

Transitive aliases

RHSA-2017:0249 RHSA-2017:0248 CVE-2016-6344 CVE-2016-4434 GSD-2016-6344 GHSA-4xr4-4c65-hj7f EUVD-2018-0498 GHSA-4c32-xmgj-2g98 CVE-2016-7033 GHSA-jhjx-rgjj-x5xp CNVD-2016-07084 GSD-2016-7033 EUVD-2016-7918 EUVD-2016-7271 GHSA-wgm6-69g7-crf7 EUVD-2018-0507 CNVD-2016-07326

References

Updated pdfbox packages fix security vulnerability

advisory

Updated pdfbox packages fix security vulnerability

issue

Updated pdfbox packages fix security vulnerability

issue

Updated pdfbox packages fix security vulnerability

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON