Date: Fri, 3 May 2019 09:36:36 +0000 (UTC)
From: "Bruno P. Kinoshita" <kinow@...che.org>
To: "announce@...che.org" <announce@...che.org>,
	"dev@...mons.apache.org" <dev@...mons.apache.org>,
	"guidovranken@...il.com" <guidovranken@...il.com>,
	"security@...mons.apache.org" <security@...mons.apache.org>,
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2018-17202]: Apache Commons Imaging information disclosure vulnerability

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Sanselan 0.97-incubator

Description: Certain input files could make the code enter an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

Mitigation: 0.97-incubator users should upgrade to commons-imaging-1.0-alpha1

Credit: This issue was discovered by Guido Vranken.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17202
https://lists.apache.org/thread.html/48a64566999f44290e4fb3b0d2e9a0e1c996902db51258e7aff00dda@%3Cdev.commons.apache.org%3E