Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 3 May 2019 09:36:36 +0000 (UTC)
From: "Bruno P. Kinoshita" <>
To: "" <>, 
	"" <>, 
	"" <>, 
	"" <>, 
	"" <>
Subject: [CVE-2018-17202]: Apache Commons Imaging information disclosure

Severity: Medium

The Apache Software Foundation

Versions Affected:
Apache Sanselan 0.97-incubator

Certain input files could make the code to enter into an infinite loop when Apache Sanselan  0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

0.97-incubator users should upgrade to commons-imaging-1.0-alpha1

This issue was discovered by ´╗┐Guido Vranken.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.