CVE-2015-0250

Name of the Vulnerable Software and Affected Versions Apache Batik versions 1.x before 1.8

Description The issue is related to an XML external entity (XXE) vulnerability in the SVG to PNG and JPG conversion classes. This allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. There is also a mention of a similar issue in Schneider Electric EcoStruxure Data Center Expert, related to XML External Entity Processing Information Disclosure.

Recommendations For Apache Batik versions 1.x before 1.8, update to version 1.8 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability.