Vulnerability Note VU#779243
EpubCheck 4.0.1 contains an XML external entity processing vulnerability
EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks.
EpubCheck is a tool that validates that EPUB files follow the proper format. It can be used as a standalone command-line utility or included in a project (most commonly EPUB readers) as a library.
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') - CVE-2016-9487
A remote attacker may be able to access arbitrary files on a system, or cause the system to execute arbitrary requests.
Apply an update
EpubCheck has released version 4.0.2 to address the vulnerability.
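As an added example (not part of the original note and not EpubCheck code), the following Python pre-screen lists external entity declarations found in the XML members of an EPUB without resolving them, which helps triage files headed for a validator that has not yet been updated. The extension list, size limit, function names and sample documents are constructed assumptions.

```python
import io
import zipfile
from xml.parsers import expat

# Assumed set of XML-based member extensions inside an EPUB (a ZIP container).
XML_EXTS = (".xml", ".opf", ".ncx", ".xhtml", ".html", ".svg", ".smil")
MAX_BYTES = 5 * 1024 * 1024  # assumed cap: skip oversized members

def external_entities(xml_bytes):
    """Return (name, system_id) for each external entity declared in the document."""
    found = []
    parser = expat.ParserCreate()  # pyexpat does not fetch external entities itself

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # External declarations carry a system identifier; internal ones carry a value.
        if system_id is not None:
            found.append((("%" if is_param else "") + name, system_id))

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError:
        pass  # malformed XML: keep what was declared before the error
    return found

def scan_epub(epub):
    """Map member name -> external entity declarations, for members that have any."""
    report = {}
    with zipfile.ZipFile(epub) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(XML_EXTS) and info.file_size <= MAX_BYTES:
                hits = external_entities(zf.read(info))
                if hits:
                    report[info.filename] = hits
    return report

def build_sample(container_xml):
    """Constructed in-memory EPUB holding only a mimetype and META-INF/container.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("META-INF/container.xml", container_xml)
    buf.seek(0)
    return buf

# Constructed sample documents (not taken from any real EPUB).
CLEAN = b'<container version="1.0"/>'
SUSPECT = (b'<!DOCTYPE container [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
           b'<container>&ext;</container>')
```

Only declarations in the document's internal DTD subset are reported, since the scan deliberately never fetches an external DTD.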
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Adobe | Affected | - | 13 Dec 2016 |
| Apple | Affected | - | 14 Dec 2016 |
| International Digital Publishing Forum | Affected | 13 Oct 2016 | 09 Dec 2016 |
CVSS Metrics
Thanks to Craig Arendt for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2016-9487
- Date Public: 13 Dec 2016
- Date First Published: 13 Dec 2016
- Date Last Updated: 14 Dec 2016
- Document Revision: 13