VYPR
High severity7.8NVD Advisory· Published Jun 1, 2016· Updated Jun 17, 2026

CVE-2016-2175

CVE-2016-2175

Description

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.pdfbox:pdfboxMaven
< 1.8.121.8.12
org.apache.pdfbox:pdfboxMaven
>= 2.0.0, < 2.0.12.0.1

Affected products

18
  • Apache/Pdfbox16 versions
    cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.8.12

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.