commons-dev mailing list archives

From "Bruno P. Kinoshita" <ki...@apache.org>
Subject [CVE-2018-17201]: Apache Commons Imaging information disclosure vulnerability
Date Fri, 03 May 2019 09:34:53 GMT
Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Sanselan 0.97-incubator

Description:
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used
to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating)
was renamed to Apache Commons Imaging.

Mitigation:
0.97-incubator users should upgrade to commons-imaging-1.0-alpha1.

Credit:
This issue was discovered by Guido Vranken.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17201
https://lists.apache.org/thread.html/48a64566999f44290e4fb3b0d2e9a0e1c996902db51258e7aff00dda@%3Cdev.commons.apache.org%3E
