[ https://issues.apache.org/jira/browse/IMAGING-343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary D. Gregory resolved IMAGING-343.
-------------------------------------
    Fix Version/s: 1.0-alpha1
       Resolution: Fixed

> Apache Commons Imaging 0.97 - CVE-2018-17202
> --------------------------------------------
>
>                 Key: IMAGING-343
>                 URL: https://issues.apache.org/jira/browse/IMAGING-343
>             Project: Commons Imaging
>          Issue Type: Bug
>    Affects Versions: 0.97
>            Reporter: Nikhil
>            Priority: Major
>             Fix For: 1.0-alpha1
>
>
> Certain input files could make the code enter into an infinite loop when
> Apache Sanselan 0.97-incubator was used to parse them, which could be used in
> a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache
> Commons Imaging.
>
> See [https://nvd.nist.gov/vuln/detail/CVE-2018-17202] for more details.
>
> There is an Apache Commons Imaging 1.0-*alpha3* version available, but we
> are trying to understand if a new *GA* will be made available and also to see
> if this specific CVE is addressed in the latest versions?
>
> Please help



--
This message was sent by Atlassian Jira
(v8.20.10#820010)