参照: Official suse advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2175 severity important: SUSE including 11 source package names (apache-pdfbox, apache-pdfbox-1.8.12-1.29, …), 17 product×package rows across 13 product lines (SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15 SP1, … (13 product lines)): Fixed 15, Known Not Affected 2.
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.