CVE-2016-15026

MEDIUM

3breadt dd-plist <1.17 - XML External Entity Reference

Title source: llm

Description

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.

References (5)

Core 5

Core References

Permissions Required, Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.221486

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.221486

Issue Tracking, Patch issue-tracking

https://github.com/3breadt/dd-plist/pull/26

Patch patch

https://github.com/3breadt/dd-plist/commit/8c954e8d9f6f6863729e50105a8abf3f87fff74c

Release Notes patch

https://github.com/3breadt/dd-plist/releases/tag/dd-plist-1.18

Scores

CVSS v3 5.3

EPSS 0.0054

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-611

Status published

Products (2)

com.googlecode.plist/dd-plist 0 - 1.18Maven

dd-plist_project/dd-plist < 1.18

Published Feb 20, 2023

Tracked Since Feb 18, 2026