Description
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
References (3)
Core References
Vendor Advisory (x_refsource_confirm): https://www.pdfreactor.com/important-pdfreactor-security-advisory/
Release Notes, Vendor Advisory (x_refsource_confirm): https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
Third Party Advisory (x_refsource_misc): https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
Scores
CVSS v3: 9.1
EPSS: 0.0231
EPSS Percentile: 81.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE: CWE-611
Status: published
Products (1): realobjects/pdfreactor < 10.1.10722
Published: Jun 11, 2019
Tracked Since: Feb 18, 2026