Description
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
Remediation
References
https://hackerone.com/reports/315037
Related Vulnerabilities
CVE-2020-2216 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-for-jira-test-management
CVE-2020-7634 Vulnerability in npm package heroku-addonpool
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2