Status: Received - Published on 29-11-2024
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.
EPSS
0.00043
EPSS %
0.10702
0.00043
CWE-611
0.00043
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Advance your expertise with certifications like Certified Ethical Hacker (CEH) and CISSP ISC2. These certifications equip you with proactive strategies to address vulnerabilities and strengthen your organization's defenses against emerging cyber threats. Gain the tools and certifications to stay ahead of evolving CVE threats.
Join the top cybersecurity professionals safeguarding today's infrastructures.