EpubCheck 4.0.1 is vulnerable to XML external entity (XXE) processing attacks.
EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a stand-alone command line utility, or included in a project (most commonly an EPUB reader) as a library.
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') - CVE-2016-9487
A remote attacker may be able to access arbitrary files on a system, or cause the system to make arbitrary requests.
Apply an update
EpubCheck has released version 4.0.2 to address the vulnerability.
International Digital Publishing Forum
Thanks to Craig Arendt for reporting this vulnerability.
Date First Published: 2016-12-13
Date Last Updated: 2016-12-14 18:20 UTC