AndroidSVG 1.2.2 Vulnerability: XXE Attacks in SVG Parsing Component Leading to Denial of Service and Remote Code Execution

AndroidSVG 1.2.2 Vulnerability: XXE Attacks in SVG Parsing Component Leading to Denial of Service and Remote Code Execution

CVE-2017-1000498 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Learn more about our Web Application Penetration Testing UK.