[jira] [Commented] (XGC-149) Apache Batik-Codec implicated by CVE-2026-24806, CVE-2026-24807

Mon, 06 Apr 2026 08:28:44 -0700 


    [ 
https://issues.apache.org/jira/browse/XGC-149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18071458#comment-18071458
 ] 

Joshua Marquart commented on XGC-149:
-------------------------------------

Found additional in xmlgraphics-commons, which is also being flagged by 
Sonatype:

* PATCH "Added_defensive_input_validation_to_write_at_offset_for_length.patch" 
- applies to batik / batik-transcoder / batik-codec
* PATCH 
"xmlg-added_defensive_input_validation_toi_write_at_offset_for_len.patch" - 
applies to xmlgraphics-commons

> Apache Batik-Codec implicated by CVE-2026-24806, CVE-2026-24807
> ---------------------------------------------------------------
>
>                 Key: XGC-149
>                 URL: https://issues.apache.org/jira/browse/XGC-149
>             Project: XMLGraphicsCommons
>          Issue Type: Bug
>          Components: image writer
>    Affects Versions: 2.11
>            Reporter: Joshua Marquart
>            Priority: Trivial
>         Attachments: 
> Added_defensive_input_validation_to_write_at_offset_for_length.patch, 
> xmlg-added_defensive_input_validation_to_write_at_offset_for_len.patch
>
>
> According to the National Vulnerability Database CVE-2026-24806, 
> CVE-2026-24807 applies to batik-codec
> https://nvd.nist.gov/vuln/detail/CVE-2026-24806
> https://nvd.nist.gov/vuln/detail/CVE-2026-24807
> https://www.sentinelone.com/vulnerability-database/cve-2026-24806/
> This was identified in the quick-media fork of batik-codec and was due to 
> Input validation missing from the `public void write(byte[] b, int off, int 
> len) throws IOException` methods of 
> `org.apache.batik.ext.awt.image.codec.png.PNGImageEncoder.java`  at line 91 
> and `org.apache.batik.ext.awt.image.codec.util.SeekableOutputStream.java`  at 
> line 61 
> ```
> // Input validation
> if (b == null) {
>     throw new NullPointerException();
> }
>    
> if (off < 0 || len < 0 || len > b.length || off > b.length - len) {
>     throw new ArrayIndexOutOfBoundsException();
> }
> ```
> Similar input validation does not exist in the apache batik-codec 1.19 source 
> download.
> This is causing components to be flagged with Medium vulnerability in 
> Sonatype Lifecycle.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to