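Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize its XML parsers, leaving external entity resolution enabled, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. Because the flaw is reached by parsing a PDF, any application that processes untrusted PDFs with an affected version is exposed; the version bounds above indicate that 1.8.12 and 2.0.1 are the first fixed releases on their respective branches.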
{
"unresolved_ranges": [
{
"cpe": "cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "2.0-rc1"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "2.0-rc2"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "2.0-rc3"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0"
}
],
"source": "CPE_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:pdfbox:2.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0"
},
{
"last_affected": "1.8.1"
},
{
"last_affected": "1.8.2"
},
{
"last_affected": "1.8.3"
},
{
"last_affected": "1.8.4"
},
{
"last_affected": "1.8.5"
},
{
"last_affected": "1.8.6"
},
{
"last_affected": "1.8.7"
},
{
"last_affected": "1.8.8"
},
{
"last_affected": "1.8.9"
},
{
"last_affected": "1.8.10"
},
{
"last_affected": "1.8.11"
},
{
"last_affected": "2.0"
}
],
"source": "CPE_FIELD"
}