CVE-2019-12154

Name of the Vulnerable Software and Affected Versions RealObjects PDFreactor versions prior to 10.1.10722

Description The issue allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions. This is due to an XXE (XML External Entity) issue in the XML parser library.

Recommendations For versions prior to 10.1.10722, update to version 10.1.10722 or later to resolve the issue. As a temporary workaround, consider restricting the use of externally referenced resources in the XML parser library until a patch is applied.