CVE-2022-39259
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-39259
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39259.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-39259
- Aliases
- Published
- 2022-10-21T00:00:00Z
- Modified
- 2025-10-20T20:11:55.217201Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Jadx-gui subject to Denial of Service via Swing HTML rendering
- Details
-
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.
- Database specific
{ "cwe_ids": [ "CWE-20" ] }- References
Affected packages
Git / github.com/skylot/jadx
Affected ranges
- Type
- GIT
- Repo
- https://github.com/skylot/jadx
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.4
v0.4.1
v0.5.0
v0.5.0-beta1
v0.5.1
v0.5.2
v0.5.4
v0.6.0
v0.6.1
v0.7.1
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
Database specific
vanir_signatures
[
{
"id": "CVE-2022-39259-140352df",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/MainWindow.java",
"function": "getTreeCellRendererComponent"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 499.0,
"function_hash": "89540823245401042862959835548217925702"
}
},
{
"id": "CVE-2022-39259-208cc837",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/plugins/quark/QuarkDialog.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"200781819717521546533613864805144947652",
"297323432979300400360489955202738730850",
"245682978820380178796261918081198642742",
"85244892373637380900813544223818821838",
"155351522929632213826059739362239007919",
"269314746534413906443251634716570318164",
"264162330444026833306931048712715055527",
"313173109139436761373977541889789210980"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-2af8b9b8",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/treemodel/JField.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"146679420549113353051258840300146306235",
"68224857871227559771347977155926511263",
"333759399845549660566225250970467969152"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-2e301d7c",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/MainWindow.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"4276463923887450406301543045845692894",
"56327188891121098827676600935773522428",
"19255888968437172665804890376122255238",
"68473027259249359727408060161578536036",
"49703712385793117572692573501940251732",
"185019693410774366025133631779867220218",
"193644815189560135630867938365969797238",
"151968330987191954812385209607233680704"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-2f5af399",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/plugins/quark/QuarkReportPanel.java",
"function": "render"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 214.0,
"function_hash": "166013836256944366111802851544531816030"
}
},
{
"id": "CVE-2022-39259-38c80d20",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/plugins/quark/QuarkReportPanel.java",
"function": "render"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 224.0,
"function_hash": "174742321948117918862787461030951653284"
}
},
{
"id": "CVE-2022-39259-69087fac",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/treemodel/JNode.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"72705258270701881813009645640085703437",
"166598691959005597516316262639195311615",
"225894997258928956590790672128004124332"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-709a02dd",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/plugins/quark/QuarkDialog.java",
"function": "initUI"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1296.0,
"function_hash": "195913611938931138315060114283540081719"
}
},
{
"id": "CVE-2022-39259-737cf709",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/treemodel/CodeNode.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"153401493917082434459365758596679470626",
"163070948964123612827456385401250699371",
"87647090597484580038027384899879626165"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-7b638629",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/RenameDialog.java",
"function": "initUI"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1370.0,
"function_hash": "304305746212334947262509876687856423397"
}
},
{
"id": "CVE-2022-39259-7be38dd9",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/MainWindow.java",
"function": "initUI"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3527.0,
"function_hash": "72281392914730460072948893169472953172"
}
},
{
"id": "CVE-2022-39259-7c13099a",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/panel/LogcatPanel.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"1646400220226709853983010010097904123",
"167318095972015986511902291010301251676",
"319005860376210128379018585737969009509",
"258322975733809482555259559800689521016",
"82573821178974185047436136320777296028",
"13639169922738240249577844632848619962",
"254311768630719963929136781453761475553",
"252690675347140825387997963268639380491"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-834f9bef",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/RenameDialog.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"48687856837553215503778706417225949066",
"17277562215626155415179432051856523117",
"320989506023180845276240988677564420339",
"33034809304638566777017376252900582692",
"51970366558478124794765459757239909605",
"239843180833717140717470858680641394672",
"297345797236282403473645059660078346433",
"186302217444218951920229467724410875191",
"239982756828294177952776670192626635028",
"107837110451918919182522891235495220111",
"310085121476009528487717613921895762607",
"252010677654285726485495796880764563498"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-851a40eb",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/UsageDialog.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"167626380805741746127379458885998344088",
"237622466391039999909241694104272886699",
"308326908438565197728568445089853207182",
"177692822242277193163521052028817610701",
"43578773751516345042643231858130374944",
"37267434480627842370629833161444154878",
"172892951000004582688088274335631599938",
"260934364569033336310810165662339905175",
"217098791688709115420675515793471627365",
"270531841133198487320174990581361428931",
"224598565194985852798012907277126380615",
"5852934088410156349458457023454037202"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-871db1aa",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/UsageDialog.java",
"function": "initUI"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1040.0,
"function_hash": "188268636097386052279168537555129514828"
}
},
{
"id": "CVE-2022-39259-9528fc1b",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/TabComponent.java",
"function": "init"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1614.0,
"function_hash": "210159412378163887309537355275792338804"
}
},
{
"id": "CVE-2022-39259-a94fedc4",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/treemodel/JMethod.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"310410747658216208229869397404938817951",
"17473089695786991720971857861203671750",
"169426345216055805615627232883887097804"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-c1ce6325",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/CommonSearchDialog.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"337509894321419436794845657635088265728",
"330369266664580574292774354414238412861",
"15698664682212492794058009250589499389",
"98907120175221421152285238051327338842",
"302766388899494350449873306238062460874",
"261649081184235990677466204994199900922",
"161588587539628603648234988576790906935",
"198059160286998142171793313514479270824",
"257191167574186596625706412697170578914",
"105040053747943578757124153364788662428",
"181190252357285248502479712392413048506",
"304567779260915950814149421784902607641",
"115262424846537755583422645651863899002",
"159528768036285337052384809645753984032",
"7172920831640562280916021138796388497",
"265672585403453095804110528780670898264",
"216472297249703680889336829530907659348",
"320074135074361085812744010036426981101",
"37089128046127835502049156926153353456",
"57121799586018337968661931526298857018",
"304373602121706730031262484945662227501",
"329064502906354059382763178634383363180",
"260173103132601400158595366116779910272"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-c6311427",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/panel/LogcatPanel.java",
"function": "getContent"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 792.0,
"function_hash": "88421013171447430357652853676509140346"
}
},
{
"id": "CVE-2022-39259-c7f6967f",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Function",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/dialog/CommonSearchDialog.java",
"function": "makeCell"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 544.0,
"function_hash": "195241145120504604696337600243645942350"
}
},
{
"id": "CVE-2022-39259-e8408302",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/plugins/quark/QuarkReportPanel.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"291735249237550580549946372190987210068",
"25389644010090659815507036929757520283",
"72536004562386291722138472057529205794",
"103753222237851787915726635774226043529",
"53934934820823074586903316000687786535",
"293665210489985632373121557907078794827",
"124858439719427409839104296057437266308",
"17856708183522425265267244324727083642",
"55860154051198336478956616765825504077",
"66406767676995622937715435357044591849",
"6652976621635880920035517994415323223",
"236728287278458843774115032273668148156"
],
"threshold": 0.9
}
},
{
"id": "CVE-2022-39259-efe7862c",
"source": "https://github.com/skylot/jadx/commit/6844a46c93a4c911196b47ad3492da15935711b9",
"signature_type": "Line",
"target": {
"file": "jadx-gui/src/main/java/jadx/gui/ui/TabComponent.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"183704651930268534548537309504130819403",
"182194241384994124958586151731802730033",
"285162891256828883616944569093184337222",
"271271890372961190701730477384867657955",
"152354378263185937191537684906260729945",
"17452023109306119922975437470775388486",
"90165393011078285841369069081146065128",
"15227208811419358029780333560429311053"
],
"threshold": 0.9
}
}
]