CVE-2022-41704

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41704

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41704.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41704

Aliases

GHSA-r29w-r9ph-vm76

Related

Published

2022-10-25T17:15:57Z

Modified

2025-01-08T09:11:26.544449Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

References

Affected packages

Debian:11 / batik

Package

Name: batik
Purl: pkg:deb/debian/batik?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12-4+deb11u1

Affected versions

1.*

1.12-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / batik

Package

Name: batik
Purl: pkg:deb/debian/batik?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / batik

Package

Name: batik
Purl: pkg:deb/debian/batik?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/batik

Affected ranges

Type: GIT
Repo: https://github.com/apache/batik
Events: Introduced

1b708df57205a70c2c9fb8235ff5eab837609968

Fixed

8e94aaaf3872a670040c6faebe82c907cb380fad