CVE-2019-0228: pdfbox: XML External Entity (XXE) attacks via a crafted XFDF

Severity: Critical

CVSS Score: 9.8

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.