[
https://issues.apache.org/jira/browse/XGC-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joshua Marquart updated XGC-149:
--------------------------------
Labels: security-issue (was: )
> Apache Batik-Codec implicated by CVE-2026-24806, CVE-2026-24807
> ---------------------------------------------------------------
>
> Key: XGC-149
> URL: https://issues.apache.org/jira/browse/XGC-149
> Project: XMLGraphicsCommons
> Issue Type: Bug
> Components: image writer
> Affects Versions: 2.11
> Reporter: Joshua Marquart
> Priority: Major
> Labels: security-issue
> Attachments:
> Added_defensive_input_validation_to_write_at_offset_for_length.patch,
> xmlg-added_defensive_input_validation_to_write_at_offset_for_len.patch
>
>
> According to the National Vulnerability Database CVE-2026-24806,
> CVE-2026-24807 applies to batik-codec
> https://nvd.nist.gov/vuln/detail/CVE-2026-24806
> https://nvd.nist.gov/vuln/detail/CVE-2026-24807
> https://www.sentinelone.com/vulnerability-database/cve-2026-24806/
> This was identified in the quick-media fork of batik-codec and was due to
> Input validation missing from the `public void write(byte[] b, int off, int
> len) throws IOException` methods of
> `org.apache.batik.ext.awt.image.codec.png.PNGImageEncoder.java` at line 91
> and `org.apache.batik.ext.awt.image.codec.util.SeekableOutputStream.java` at
> line 61
> ```
> // Input validation
> if (b == null) {
> throw new NullPointerException();
> }
>
> if (off < 0 || len < 0 || len > b.length || off > b.length - len) {
> throw new ArrayIndexOutOfBoundsException();
> }
> ```
> Similar input validation does not exist in the apache batik-codec 1.19 source
> download.
> This is causing components to be flagged with Medium vulnerability in
> Sonatype Lifecycle.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
