oss-sec mailing list archives
[CVE-2018-17202]: Apache Commons Imaging information disclosure vulnerability
From: "Bruno P. Kinoshita" <kinow () apache org>
Date: Fri, 3 May 2019 09:36:36 +0000 (UTC)
Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Sanselan 0.97-incubator

Description: Certain input files could make the code enter an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

Mitigation: 0.97-incubator users should upgrade to commons-imaging-1.0-alpha1

Credit: This issue was discovered by Guido Vranken.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17202
https://lists.apache.org/thread.html/48a64566999f44290e4fb3b0d2e9a0e1c996902db51258e7aff00dda@%3Cdev.commons.apache.org%3E