CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Published: Oct 25, 2022
Updated: Jan 8, 2024
CVE: CVE-2022-41704
GHSA: GHSA-r29w-r9ph-vm76
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
apache / batik	1.0	1.16
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
org.apache.xmlgraphics / batik	-	1.16

http://www.openwall.com/lists/oss-security/2022/10/25/2
https://github.com/apache/xmlgraphics-batik/commit/905f368b50c2567cf2c4869a0ab596a7b1b5125c
https://issues.apache.org/jira/browse/BATIK-1338
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://security.gentoo.org/glsa/202401-11
https://www.debian.org/security/2022/dsa-5264
https://xmlgraphics.apache.org/security.html

Vulnerability Database

289,599

CVE-2022-41704