Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2

CVE-2020-10969 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2019-19771 Vulnerability in npm package riped160

CVE-2020-2161 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory