First published: Tue Oct 25 2022
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/batik | <1.10-2~18.04.1 | 1.10-2~18.04.1 |
ubuntu/batik | <1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
ubuntu/batik | <1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
ubuntu/batik | <1.14-2ubuntu0.1 | 1.14-2ubuntu0.1 |
ubuntu/batik | <1.7.ubuntu-8ubuntu2.14.04.3+ | 1.7.ubuntu-8ubuntu2.14.04.3+ |
ubuntu/batik | <1.8-3ubuntu1+ | 1.8-3ubuntu1+ |
Apache Batik | >=1.0<1.16 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
maven/org.apache.xmlgraphics:batik | <1.16 | 1.16 |
redhat/org.apache.xmlgraphics batik | <1.16 | 1.16 |
debian/batik | <=1.10-2+deb10u1 | 1.10-2+deb10u3 1.12-4+deb11u2 1.12-4+deb11u1 1.16+dfsg-1+deb12u1 1.17+dfsg-1 |
The vulnerability ID for this flaw in Batik is CVE-2022-41704.
CVE-2022-41704 has a severity level of high.
The affected software for CVE-2022-41704 is Batik of Apache XML Graphics prior to version 1.16.
To fix CVE-2022-41704, it is recommended to update to version 1.16 of Apache XML Graphics.
You can find more information about CVE-2022-41704 at the following references: [Link 1](https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf), [Link 2](http://www.openwall.com/lists/oss-security/2022/10/25/2), [Link 3](https://www.debian.org/security/2022/dsa-5264).