Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <891206008.3759791.1556876093022@mail.yahoo.com>
Date: Fri, 3 May 2019 09:34:53 +0000 (UTC)
From: "Bruno P. Kinoshita" <kinow@...che.org>
To: "announce@...che.org" <announce@...che.org>, 
	"dev@...mons.apache.org" <dev@...mons.apache.org>, 
	"guidovranken@...il.com" <guidovranken@...il.com>, 
	"security@...mons.apache.org" <security@...mons.apache.org>, 
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2018-17201]: Apache Commons Imaging information disclosure
 vulnerability

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Sanselan 0.97-incubator

Description:
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

Mitigation:
0.97-incubator users should upgrade to commons-imaging-1.0-alpha1

Credit:
This issue was discovered by Guido Vranken.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17201
https://lists.apache.org/thread.html/48a64566999f44290e4fb3b0d2e9a0e1c996902db51258e7aff00dda@%3Cdev.commons.apache.org%3E

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.