CVE-2015-0250 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-0250 Interim 1 14 2022-11-09T03:06:57Z current 2021-05-30T13:25:51Z 2022-11-09T03:06:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-0250 XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 xmlgraphics-batik xmlgraphics-batik-css xmlgraphics-batik as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 xmlgraphics-batik-css as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CVE-2015-0250 SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik-css moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L