CVE-2016-2175

Reference Links

• http://seclists.org/oss-sec/2016/q2/419
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1340397
• https://rhn.redhat.com/errata/RHSA-2017-0179.html
• https://rhn.redhat.com/errata/RHSA-2017-0249.html
• https://rhn.redhat.com/errata/RHSA-2017-0248.html
• https://rhn.redhat.com/errata/RHSA-2017-0272.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1340396
• http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8@apache.org%3E
• http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html
• http://rhn.redhat.com/errata/RHSA-2017-0179.html
• http://rhn.redhat.com/errata/RHSA-2017-0248.html
• http://rhn.redhat.com/errata/RHSA-2017-0249.html
• http://rhn.redhat.com/errata/RHSA-2017-0272.html
• http://svn.apache.org/viewvc?view=revision&revision=1739564
• http://svn.apache.org/viewvc?view=revision&revision=1739565
• http://www.debian.org/security/2016/dsa-3606
• http://www.securityfocus.com/archive/1/538503/100/0/threaded
• http://www.securityfocus.com/bid/90902
• https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54@%3Ccommits.tika.apache.org%3E
• https://exchange.xforce.ibmcloud.com/vulnerabilities/113548
• https://www.ibm.com/support/pages/node/6214472 (Advisory)
• http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E
• https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E

Parent vulnerabilities

(Appears in the following advisories)

• IBM-6214472

Frequently Asked Questions

• What is CVE-2016-2175?

  CVE-2016-2175 is a vulnerability in Apache PDFBox before 1.8.12 and 2.x before 2.0.1 that allows a remote attacker to obtain sensitive information or cause a denial of service.

• How does CVE-2016-2175 affect Apache PDFBox?

  CVE-2016-2175 affects Apache PDFBox versions before 1.8.12 and 2.x before 2.0.1, allowing a remote attacker to read arbitrary files on the system or cause a denial of service.

• What is the severity of CVE-2016-2175?

  CVE-2016-2175 has a severity rating of 7.8 (High).

• How can I fix CVE-2016-2175?

  To fix CVE-2016-2175, update Apache PDFBox to version 1.8.12 or 2.0.1.

• Where can I find more information about CVE-2016-2175?

  More information about CVE-2016-2175 can be found at the following references: [http://seclists.org/oss-sec/2016/q2/419](http://seclists.org/oss-sec/2016/q2/419), [https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1340397](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1340397), [https://rhn.redhat.com/errata/RHSA-2017-0179.html](https://rhn.redhat.com/errata/RHSA-2017-0179.html)