CVE-2026-33582

medium

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

References

https://lists.apache.org/thread/3sgpx4cwsgpnt66xv3cqvtc8z4st1kbq

http://www.openwall.com/lists/oss-security/2026/06/09/5

Details

Source: Mitre, NVD

Published: 2026-06-09

Updated: 2026-06-09

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018