CVE-2016-9487
HIGH
EpubCheck 4.0.1 - XML External Entity Injection in EPUB File Validation
Title source: llm
Description
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
References (2)
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/779243
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
https://www.securityfocus.com/bid/94864/
Scores
CVSS v3
7.8
EPSS
0.0128
EPSS Percentile
66.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
w3/epubcheck
4.0.1
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026