Vulnerability Description
veraPDF-library is a PDF/A validation library. Executing policy checks with custom (user-supplied) schematron files invokes an XSL transformation, and a malicious schematron file can turn that transformation into remote code execution (RCE) on the host running the validator. This vulnerability is fixed in version 1.24.2; upgrade to 1.24.2 or later.
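The page does not say which XSLT feature the fix restricts, so the example below does not reproduce veraPDF's code or its patch. It is an added illustration of the general weakness class behind "XSL transformation of an attacker-controlled stylesheet leads to RCE": Java XSLT engines can expose extension functions that call arbitrary Java methods, and a default `TransformerFactory` may also fetch external DTDs and stylesheets. The class name, the `unsafeFactory`/`hardenedFactory` helpers and the two inline stylesheets are constructed for this example; the constructed "extension" stylesheet only asks for a harmless system property, which is enough to show whether the engine will reach into Java at all.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;

// Added example: hardening a JAXP TransformerFactory that is about to compile
// an untrusted stylesheet (such as a schematron-derived XSL). Not veraPDF code.
public class UntrustedXslHardening {

    // Unsafe: a default factory. Depending on the XSLT engine on the classpath
    // and its settings, it may allow extension functions (Java method calls
    // from inside the stylesheet) and loading of external DTDs/stylesheets.
    static TransformerFactory unsafeFactory() {
        return TransformerFactory.newInstance();
    }

    // Hardened: FEATURE_SECURE_PROCESSING makes the JDK's XSLTC engine refuse
    // extension functions; the two ACCESS_EXTERNAL_* attributes (JAXP 1.5)
    // block every protocol for DTD and stylesheet fetches.
    static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Engine predates JAXP 1.5 and cannot enforce these limits:
            // fail closed instead of transforming untrusted input unrestricted.
            throw new TransformerConfigurationException(
                "XSLT engine does not support JAXP 1.5 access restrictions", e);
        }
        return tf;
    }

    // Constructed sample: an ordinary identity stylesheet that any policy
    // check would be expected to run without trouble.
    static final String IDENTITY_XSL =
        "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
      + "<xsl:template match=\"/\"><xsl:copy-of select=\".\"/></xsl:template>"
      + "</xsl:stylesheet>";

    // Constructed sample: a stylesheet that uses the Xalan/XSLTC Java extension
    // namespace. It only reads java.version, but the same mechanism reaches any
    // public static method, which is why a hardened factory must reject it.
    static final String EXTENSION_XSL =
        "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
      + " xmlns:sys=\"http://xml.apache.org/xalan/java/java.lang.System\">"
      + "<xsl:template match=\"/\"><xsl:value-of select=\"sys:getProperty('java.version')\"/>"
      + "</xsl:template></xsl:stylesheet>";

    // Compile and run a stylesheet against an XML document, returning the output.
    static String transform(TransformerFactory tf, String xsl, String input) throws Exception {
        Transformer t = tf.newTransformer(new StreamSource(new StringReader(xsl)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(input)), new StreamResult(out));
        return out.toString();
    }

    // True if the factory refuses to compile or run the stylesheet. Errors can
    // surface at compile time or at transform time depending on the engine, so
    // both stages are covered by one try block.
    static boolean rejects(TransformerFactory tf, String xsl, String input) {
        try {
            transform(tf, xsl, input);
            return false;
        } catch (Exception e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        String doc = "<report><rule id=\"r1\"/></report>";
        TransformerFactory tf = hardenedFactory();
        System.out.println("identity ok: " + transform(tf, IDENTITY_XSL, doc));
        System.out.println("extension rejected by hardened factory: " + rejects(tf, EXTENSION_XSL, doc));
        System.out.println("extension rejected by default factory: " + rejects(unsafeFactory(), EXTENSION_XSL, doc));
    }
}
```

Run it once with the default JDK engine and once with any third-party XSLT engine present on the classpath: the hardened factory should report the extension stylesheet as rejected in both cases, while the default factory's answer depends on the engine and its system properties. If a validator must accept schematron from untrusted sources, this kind of factory configuration is the minimum, and running the transformation in a separate, low-privilege process is the stronger control.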
CVSS Score
8.1 (HIGH)
Related Weaknesses (CWE)
References
- https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab1336
- https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851
- https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2db
- https://github.com/veraPDF/veraPDF-library/issues/1415
- https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8
FAQ
What is CVE-2024-28109?
CVE-2024-28109 is a vulnerability with a CVSS score of 8.1 (HIGH). veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
How severe is CVE-2024-28109?
CVE-2024-28109 has been rated HIGH with a CVSS base score of 8.1/10. Only the base score is recorded on this page; the vector and individual metrics are not listed here.
Is there a patch for CVE-2024-28109?
Yes. The vulnerability is fixed in veraPDF-library 1.24.2, so upgrade to 1.24.2 or later. The references section above links the fixing commits, the tracking issue and the GitHub security advisory for details.