[ https://issues.apache.org/jira/browse/XGC-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Marquart updated XGC-149:
--------------------------------
    Description: 
According to the National Vulnerability Database, CVE-2026-24806 and CVE-2026-24807 
apply to batik-codec and xmlgraphics-commons.

https://nvd.nist.gov/vuln/detail/CVE-2026-24806
https://nvd.nist.gov/vuln/detail/CVE-2026-24807
https://www.sentinelone.com/vulnerability-database/cve-2026-24806/

This was originally identified in the quick-media fork of batik-codec and was 
due to input validation missing from the `public void write(byte[] b, int off, 
int len) throws IOException` methods of 
`org.apache.batik.ext.awt.image.codec.png.PNGImageEncoder.java` at line 91 and 
`org.apache.batik.ext.awt.image.codec.util.SeekableOutputStream.java` at line 
61:

{code:java}
if (b == null) {
    throw new NullPointerException();
}

if (off < 0 || len < 0 || len > b.length - off) {
    throw new IndexOutOfBoundsException();
}
{code}

Similar input validation does not exist for the same classes in the batik-codec 
1.19 and xmlgraphics-commons 2.11 sources. This is causing the same components 
to be flagged with a Medium vulnerability in Sonatype Lifecycle.

  was:
According to the National Vulnerability Database, CVE-2026-24806 and CVE-2026-24807 
apply to batik-codec and xmlgraphics-commons.

https://nvd.nist.gov/vuln/detail/CVE-2026-24806
https://nvd.nist.gov/vuln/detail/CVE-2026-24807
https://www.sentinelone.com/vulnerability-database/cve-2026-24806/

This was originally identified in the quick-media fork of batik-codec and was 
due to input validation missing from the `public void write(byte[] b, int off, 
int len) throws IOException` methods of 
`org.apache.batik.ext.awt.image.codec.png.PNGImageEncoder.java` at line 91 and 
`org.apache.batik.ext.awt.image.codec.util.SeekableOutputStream.java` at line 
61:

{code:java}
if (b == null) {
    throw new NullPointerException();
}

if (off < 0 || len < 0 || len > b.length || off > b.length - len) {
    throw new ArrayIndexOutOfBoundsException();
}
{code}

Similar input validation does not exist for the same classes in the batik-codec 
1.19 and xmlgraphics-commons 2.11 sources. This is causing the same components 
to be flagged with a Medium vulnerability in Sonatype Lifecycle.


> Apache Batik-Codec implicated by CVE-2026-24806, CVE-2026-24807
> ---------------------------------------------------------------
>
>                 Key: XGC-149
>                 URL: https://issues.apache.org/jira/browse/XGC-149
>             Project: XMLGraphicsCommons
>          Issue Type: Bug
>          Components: image writer
>    Affects Versions: 2.11
>            Reporter: Joshua Marquart
>            Priority: Major
>              Labels: security-issue
>         Attachments: 
> Added_defensive_input_validation_to_write_at_offset_for_length.patch, 
> xmlg-added_defensive_input_validation_to_write_at_offset_for_len.patch
>
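As an added example (not Batik, XMLGraphicsCommons or quick-media code, and not the attached patches), the following self-contained Java class contrasts the check quoted in the description with the form `off + len > b.length` that is often written first. With an 8-byte array, `off = 4` and `len = Integer.MAX_VALUE`, the addition wraps negative and the naive form accepts the slice, while `len > b.length - off` rejects it: once `off` and `len` are known to be non-negative, `b.length - off` cannot underflow. `WriteBoundsDemo`, `checkSlice`, `naiveInBounds`, `safeInBounds` and `CheckedBufferStream` are hypothetical names; the stream copies into a fixed in-memory buffer rather than a file so the example runs offline. `java.util.Objects.checkFromIndexSize` (JDK 9 and later) performs the same validation as a standard-library call.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.util.Objects;

/**
 * Added example, not project code: a defensively validated
 * write(byte[] b, int off, int len) next to the check it relies on.
 */
public class WriteBoundsDemo {

    /** The validation described in the issue: reject (off, len) that is not a real slice of b. */
    static void checkSlice(byte[] b, int off, int len) {
        if (b == null) {
            throw new NullPointerException("b");
        }
        // Use len > b.length - off rather than off + len > b.length:
        // off and len are non-negative at this point, so the subtraction
        // cannot underflow, whereas off + len can wrap past Integer.MAX_VALUE.
        if (off < 0 || len < 0 || len > b.length - off) {
            throw new IndexOutOfBoundsException(
                "off=" + off + " len=" + len + " b.length=" + b.length);
        }
    }

    /** Deliberately incorrect form, kept only to make the integer wrap visible. */
    static boolean naiveInBounds(byte[] b, int off, int len) {
        return off >= 0 && len >= 0 && off + len <= b.length;
    }

    /** Overflow-safe form, equivalent to the condition in checkSlice. */
    static boolean safeInBounds(byte[] b, int off, int len) {
        return off >= 0 && len >= 0 && len <= b.length - off;
    }

    /** Hypothetical stream (stands in for a file-backed one) with the check added. */
    static class CheckedBufferStream extends OutputStream {
        private final byte[] buf;
        private int pos;

        CheckedBufferStream(int capacity) {
            buf = new byte[capacity];
        }

        @Override
        public void write(int b) throws IOException {
            if (pos >= buf.length) {
                throw new IOException("buffer full");
            }
            buf[pos++] = (byte) b;
        }

        @Override
        public void write(byte[] b, int off, int len) throws IOException {
            checkSlice(b, off, len); // fail fast, before any byte is emitted
            if (len > buf.length - pos) {
                throw new IOException("buffer full");
            }
            System.arraycopy(b, off, buf, pos, len);
            pos += len;
        }

        int size() {
            return pos;
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] data = new byte[8]; // constructed sample input

        // off + len wraps negative here, so only the naive form accepts the slice.
        System.out.println("naive accepts off=4,len=MAX_VALUE: "
            + naiveInBounds(data, 4, Integer.MAX_VALUE));
        System.out.println("safe  accepts off=4,len=MAX_VALUE: "
            + safeInBounds(data, 4, Integer.MAX_VALUE));

        CheckedBufferStream out = new CheckedBufferStream(16);
        out.write(data, 2, 4); // valid slice
        System.out.println("bytes written after valid slice: " + out.size());

        // Negative offset, negative length, slice past the end, and the wrapping case.
        int[][] bad = { {-1, 2}, {2, -1}, {6, 4}, {4, Integer.MAX_VALUE} };
        for (int[] c : bad) {
            try {
                out.write(data, c[0], c[1]);
                System.out.println("ACCEPTED off=" + c[0] + " len=" + c[1]);
            } catch (IndexOutOfBoundsException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        try {
            out.write(null, 0, 0);
        } catch (NullPointerException e) {
            System.out.println("rejected null array");
        }

        // Standard-library equivalent of checkSlice's range test (JDK 9+).
        Objects.checkFromIndexSize(2, 4, data.length);
    }
}
```

Compile and run with `javac WriteBoundsDemo.java && java WriteBoundsDemo`. The loop over `bad` shows why the order of the conditions matters: the sign checks must run first so that `b.length - off` is evaluated only for a non-negative `off`. Java's array bounds checking means an unchecked slice cannot corrupt memory, but without the up-front check a copy loop can throw `ArrayIndexOutOfBoundsException` part-way through, or silently write nothing for a negative `len`; the value of the check is a consistent exception before any bytes reach the encoder's output.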



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
