Vulnerability Description
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RealObjects | PDFreactor | < 10.1.10722 |
Related Weaknesses (CWE)
References
- https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfr (Third Party Advisory)
- https://www.pdfreactor.com/important-pdfreactor-security-advisory/ (Vendor Advisory)
- https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-avai (Release Notes, Vendor Advisory)
FAQ
What is CVE-2019-12154?
CVE-2019-12154 is a vulnerability with a CVSS score of 9.1 (CRITICAL). XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file conte...
How severe is CVE-2019-12154?
CVE-2019-12154 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-12154?
Check the references section above for vendor advisories and patch information. Affected products include: RealObjects PDFreactor.