USN-6117-1: Apache Batik vulnerabilities
30 May 2023
Several security issues were fixed in Apache Batik.
- batik - SVG Library
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross-site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)
It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.