CVE-2019-0228

Name of the Vulnerable Software and Affected Versions Apache PDFBox version 2.0.14

Description The issue is related to the incorrect restriction of XML external entity references in the Java library Apache PDFBox. This can be exploited by a remote attacker to conduct XML External Entity (XXE) attacks using a specially crafted XFDF file. The XML parser is not properly initialized, allowing context-dependent attackers to perform these attacks.

Recommendations For Apache PDFBox version 2.0.14, consider disabling the XML parser or restricting its use until a patch is available to prevent XXE attacks. As a temporary workaround, avoid using crafted XFDF files that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.