CVE-2016-9487

Name of the Vulnerable Software and Affected Versions EpubCheck version 4.0.1

Description The issue allows an attacker to exploit the behavior of EpubCheck when parsing XML in EPUB files during validation, potentially enabling them to read arbitrary files or have the victim execute arbitrary requests on their behalf. This is possible because EpubCheck does not properly restrict resolving external entities.

Recommendations For EpubCheck version 4.0.1, consider disabling the XML parsing functionality for external entities until a patch is available. Restrict access to sensitive files and network resources to minimize the risk of exploitation.