Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.github.liuyueyi.media/batik-codec-fix@3.0.0

Type maven

Namespace com.github.liuyueyi.media

Name batik-codec-fix

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-266r-2mf7-2fga

vulnerability_id

VCID-266r-2mf7-2fga

summary

Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.

references

reference_url

https://github.com/liuyueyi/quick-media

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media

reference_url

https://github.com/liuyueyi/quick-media/commit/3970e967f6661328a5544fd0b977dac1a35e380b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media/commit/3970e967f6661328a5544fd0b977dac1a35e380b

reference_url

https://github.com/liuyueyi/quick-media/pull/123

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media/pull/123

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24807

reference_id

CVE-2026-24807

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24807

reference_url	https://github.com/advisories/GHSA-23f4-hfmq-94mj
reference_id	GHSA-23f4-hfmq-94mj
reference_type
scores
url	https://github.com/advisories/GHSA-23f4-hfmq-94mj

fixed_packages

aliases

CVE-2026-24807, GHSA-23f4-hfmq-94mj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-266r-2mf7-2fga

url

VCID-xk2c-sk6k-k3bf

vulnerability_id

VCID-xk2c-sk6k-k3bf

summary

Quick-Media Batik Codec FIX package has Code Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.

This issue affects all quick-media versions. A patch is available: [e52fcee](https://github.com/liuyueyi/quick-media/commit/e52fceee32775a6be8ed1e394fbe94f4f8db036a)

references

reference_url

https://github.com/liuyueyi/quick-media

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media

reference_url

https://github.com/liuyueyi/quick-media/commit/29c078450ad2865c7ad196c658cacfab55b207ee

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media/commit/29c078450ad2865c7ad196c658cacfab55b207ee

reference_url

https://github.com/liuyueyi/quick-media/pull/122

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liuyueyi/quick-media/pull/122

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24806

reference_id

CVE-2026-24806

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24806

reference_url	https://github.com/advisories/GHSA-8623-9fwr-4cxv
reference_id	GHSA-8623-9fwr-4cxv
reference_type
scores
url	https://github.com/advisories/GHSA-8623-9fwr-4cxv

fixed_packages

aliases

CVE-2026-24806, GHSA-8623-9fwr-4cxv

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xk2c-sk6k-k3bf

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.github.liuyueyi.media/batik-codec-fix@3.0.0

Package Instance