Description
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| veraPDF | veraPDF-library | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-1756 | veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2. |
 Github GHSA |
GHSA-qxqf-2mfx-x8jw | veraPDF has potential XSLT injection vulnerability when using policy files |
References
History
No history.
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T00:48:48.254Z
Reserved: 2024-03-04T14:19:14.059Z
Link: CVE-2024-28109
Vulnrichment
Updated: 2024-08-02T00:48:48.254Z
NVD
Status : Deferred
Published: 2024-03-28T14:15:13.863
Modified: 2026-04-15T00:35:42.020
Link: CVE-2024-28109
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses