UBUNTU-CVE-2016-4434

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-4434

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4434.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-4434

Related

CVE-2016-4434

Published

2017-09-30T01:29:00Z

Modified

2025-01-13T10:21:14Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

References

Affected packages

Ubuntu:Pro:16.04:LTS / tika

Package

Name: tika
Purl: pkg:deb/ubuntu/tika@1.5-4ubuntu0.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5-2

1.5-3

1.5-4

1.5-4ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tika

Package

Name: tika
Purl: pkg:deb/ubuntu/tika@1.5-5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}