oval:org.secpod.oval:def:602017
libbatik-java is installed

oval:org.secpod.oval:def:52436
batik: xml.apache.org SVG Library Batik could be made to consume resources or expose sensitive information.

oval:org.secpod.oval:def:602012
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause reso ...

oval:org.secpod.oval:def:703589
batik: SVG Library Apache Batik would allow unintended access to files over the network or could be made to crash.

oval:org.secpod.oval:def:52856
batik: SVG Library Apache Batik would allow unintended access to files over the network or could be made to crash.

oval:org.secpod.oval:def:1900156
In Apache libbatik-java 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.

oval:org.secpod.oval:def:704222
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:52940
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:53341
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:88423
It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file.

*CPE
cpe:/a:apache:libbatik-java

© SecPod Technologies