Uploaded image for project: 'Batik'
  1. Batik
  2. BATIK-1018

"XML External Entities" vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Resolution: Fixed
    • 1.8
    • 1.9
    • Web Site
    • None
    • Operating System: All
      Platform: All

    Description

      During visualization with Squiggle or rasterization via the CLI tool, XML external entities defined in the DTD are dereferenced and the content of the target file is included in the output.

      The impact of this vulnerability range form denial of service to file disclosure. Under Windows, it can also be used to steal LM/NTLM hashes.

      For some additional information about XXE attacks, please refer to http://cwe.mitre.org/data/definitions/827.html

      How to reproduce:
      $> rasterizer xxe.svg -d xxe.png

      Attachments

        1. ssrf.svg
          0.3 kB
          Lars Krapf
        2. xxe.png
          125 kB
          Nicolas GREGOIRE
        3. xxe.svg
          0.6 kB
          Nicolas GREGOIRE

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. BATIK-1139 SSRF through external DTD resolution

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. BATIK-1113 Hard to solve XML External Entities problem

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              batik-dev@xmlgraphics.apache.org Batik Developer's Mailing list
              nicolas.gregoire@agarri.fr Nicolas GREGOIRE
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: