[ https://issues.apache.org/jira/browse/IMAGING-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17677506#comment-17677506 ]

Gary D. Gregory edited comment on IMAGING-343 at 1/16/23 8:33 PM:
------------------------------------------------------------------

0.97-incubator users should upgrade to commons-imaging-1.0-alpha1 or later.

was (Author: garydgregory):
    0.97-incubator users should upgrade to commons-imaging-1.0-alpha1

> Apache Commons Imaging 0.97 - CVE-2018-17202
> --------------------------------------------
>
>                 Key: IMAGING-343
>                 URL: https://issues.apache.org/jira/browse/IMAGING-343
>             Project: Commons Imaging
>          Issue Type: Bug
>    Affects Versions: 0.97
>            Reporter: Nikhil
>            Priority: Major
>
> Certain input files could make the code to enter into an infinite loop when
> Apache Sanselan 0.97-incubator was used to parse them, which could be used in
> a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache
> Commons Imaging.
>
> See [https://nvd.nist.gov/vuln/detail/CVE-2018-17202] for more details.
>
> There is Apache Commons Imaging 1.0-*alpha3* version available, but we
> are trying to understand if a new *GA* will be made available and also to see
> if this specific CVE is addressed in the latest versions?
>
> Please help

--
This message was sent by Atlassian Jira
(v8.20.10#820010)