{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2015-0250","title":"Title"},{"category":"description","text":"XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2015-0250","url":"https://www.suse.com/security/cve/CVE-2015-0250"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 922681 for CVE-2015-0250","url":"https://bugzilla.suse.com/922681"}],"title":"SUSE CVE CVE-2015-0250","tracking":{"current_release_date":"2025-10-08T00:15:33Z","generator":{"date":"2023-02-15T05:23:47Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2015-0250","initial_release_date":"2023-02-15T05:23:47Z","revision_history":[{"date":"2023-02-15T05:23:47Z","number":"2","summary":"Current version"},{"date":"2025-03-16T05:01:38Z","number":"3","summary":"Current version"},{"date":"2025-04-25T11:31:08Z","number":"4","summary":"Current version"},{"date":"2025-10-08T00:15:33Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 7","product":{"name":"SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP2","product":{"name":"SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2","product":{"name":"SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.1","product":{"name":"SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.1"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.1","product":{"name":"SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Server 4.1","product":{"name":"SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.1"}}},{"category":"product_version","name":"xmlgraphics-batik","product":{"name":"xmlgraphics-batik","product_id":"xmlgraphics-batik","product_identification_helper":{"cpe":"cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/xmlgraphics-batik@?upstream=xmlgraphics-batik.src.rpm"}}},{"category":"product_version","name":"xmlgraphics-batik-css","product":{"name":"xmlgraphics-batik-css","product_id":"xmlgraphics-batik-css","product_identification_helper":{"cpe":"cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/xmlgraphics-batik-css@?upstream=xmlgraphics-batik.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik"},"product_reference":"xmlgraphics-batik","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"xmlgraphics-batik-css as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik-css"},"product_reference":"xmlgraphics-batik-css","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2015-0250","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-0250"}],"notes":[{"category":"general","text":"XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Enterprise Storage 7:xmlgraphics-batik","SUSE Enterprise Storage 7:xmlgraphics-batik-css","SUSE Linux Enterprise Desktop 15 SP2:xmlgraphics-batik","SUSE Linux Enterprise Desktop 15 SP2:xmlgraphics-batik-css","SUSE Linux Enterprise High Performance Computing 15 SP2:xmlgraphics-batik","SUSE Linux Enterprise High Performance Computing 15 SP2:xmlgraphics-batik-css","SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik","SUSE Linux Enterprise Module for Development Tools 15 SP2:xmlgraphics-batik-css","SUSE Linux Enterprise Server 15 SP2:xmlgraphics-batik","SUSE Linux Enterprise Server 15 SP2:xmlgraphics-batik-css","SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik","SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik-css","SUSE Manager Proxy 4.1:xmlgraphics-batik","SUSE Manager Proxy 4.1:xmlgraphics-batik-css","SUSE Manager Retail Branch Server 4.1:xmlgraphics-batik","SUSE Manager Retail Branch Server 4.1:xmlgraphics-batik-css","SUSE Manager Server 4.1:xmlgraphics-batik","SUSE Manager Server 4.1:xmlgraphics-batik-css"]},"references":[{"category":"external","summary":"CVE-2015-0250","url":"https://www.suse.com/security/cve/CVE-2015-0250"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 922681 for CVE-2015-0250","url":"https://bugzilla.suse.com/922681"}],"threats":[{"category":"impact","date":"2015-03-17T10:31:10Z","details":"moderate"}],"title":"CVE-2015-0250"}]}