Home

CVE-2017-1000498

Description

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.193

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-1000498 are fixed in Caverock - androidsvg 1.3Windows
Vulnerabilities CVE-2017-1000498 are fixed in Caverock - androidsvg for Linux 1.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234