Vulnerability Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Batik | >= 1.0, < 1.16 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/25/2 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/202401-11
- https://www.debian.org/security/2022/dsa-5264 (Third Party Advisory)
FAQ
What is CVE-2022-41704?
CVE-2022-41704 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version ...
How severe is CVE-2022-41704?
CVE-2022-41704 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41704?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Batik, Debian Debian Linux.