Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2022-46363 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http

CVE-2021-3804 Vulnerability in npm package taro

CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons

CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge

CVE-2020-2218 Vulnerability in maven package org.jenkins-ci.plugins:hp-quality-center

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory