A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
https://www.debian.org/security/2022/dsa-5264
https://security.gentoo.org/glsa/202401-11
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
http://www.openwall.com/lists/oss-security/2022/10/25/2
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
Source: Mitre, NVD
Published: 2022-10-25
Updated: 2024-01-07
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.00155