CNNVD-202511-1889 Information

CNNVD ID

CNNVD-202511-1889

Related CVE

CVE-2025-63917

• CNNVD Published: 2025-11-17

Description (Chinese)

PDFPatcher是WMJ个人开发者的一个PDF工具箱。 PDFPatcher 1.1.3.4663及之前版本存在安全漏洞，该漏洞源于XML外部实体引用限制不足，可能导致任意文件读取或SSRF攻击。

Description (English)

PDFPatcher is a PDF toolbox for WMJ personal developers. There is a security loophole in PDF Patcher 1.1.3.4663 and earlier versions, which stems from inadequate citation restrictions by outside XML entities and may lead to arbitrary document access or SRF attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-17

Last Modified

2026-02-24

References

https://github.com/cydtseng/Vulnerability-Research/blob/main/pdfpatcher/XXE-Importers.md https://github.com/wmjordan/PDFPatcher https://www.cnblogs.com/pdfpatcher https://access.redhat.com/security/cve/cve-2025-63917