Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input
Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Batik versions before 1.16 allow arbitrary code execution via untrusted Java code embedded in SVG files.
Vulnerability
Description
CVE-2022-41704 is a vulnerability in Apache XML Graphics Batik that allows an attacker to execute untrusted Java code from an SVG file due to the lack of restrictions on loading jar files embedded within SVG content. The Apache XML Graphics project describes this as an information disclosure vulnerability, but the ability to run arbitrary code extends the potential impact to full remote code execution [1][4]. The issue affects all Batik versions from 1.0 up to and including 1.15 [4].
Attack
Vector and Exploitation
The attack vector relies on Batik's parser loading untrusted Java classes from jar archives that are specified within an SVG file. An attacker can craft a malicious SVG that references an external or embedded jar, which is then processed by Batik when the SVG is rendered or converted. No authentication is required beyond the victim opening the SVG in an application that uses Batik (e.g., a web browser or document converter) [2][4]. The vulnerability is classified as medium severity by the Apache Software Foundation [4].
Impact
Successful exploitation could allow an attacker to execute arbitrary Java code within the context of the application using Batik, leading to information disclosure, data manipulation, or further system compromise. Batik is used in many enterprise applications for SVG rendering and conversion, increasing the potential reach of this attack [1][3][4].
Mitigation
Users should upgrade to Apache Batik 1.16 or later, which blocks the loading of jars by default. The fix was released on the same day the CVE was made public [3][4]. No workarounds are documented for older versions. Batik 1.16 also addresses several related SSRF vulnerabilities, making it a critical security update for all affected deployments [3].
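As an added defender-side example (not code from Batik, the advisory or the fix commit), the following Python pre-filter flags the SVG `<script>` elements that would make a pre-1.16 Batik load a jar, so untrusted SVG can be rejected before it reaches the renderer. It assumes Batik's Java script type is `application/java-archive` (the `SVG_SCRIPT_TYPE_JAVA` constant the fix commit imports) and that the archive is referenced through an `xlink:href`/`href` attribute; the sample SVGs are constructed.

```python
"""Pre-filter untrusted SVG for Batik Java-archive script references.

Added example, not Batik's own code. Assumption: Batik's Java script type is
"application/java-archive" (SVG_SCRIPT_TYPE_JAVA in the fix commit) and the
archive is referenced through xlink:href or href on a <script> element.
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
JAVA_TYPE = "application/java-archive"  # assumed value of SVG_SCRIPT_TYPE_JAVA

# Constructed samples: one referencing an external jar, one with only ECMAScript.
MALICIOUS_SVG = (
    '<svg xmlns="%s" xmlns:xlink="%s">'
    '<script type="application/java-archive" xlink:href="http://example.invalid/poc.jar"/>'
    '<rect width="10" height="10"/></svg>' % (SVG_NS, XLINK_NS)
)
BENIGN_SVG = (
    '<svg xmlns="%s"><script type="text/ecmascript">var x = 1;</script>'
    '<rect width="10" height="10"/></svg>' % SVG_NS
)


def find_jar_scripts(svg_text):
    """Return (href, type) for every <script> that would trigger jar loading:
    either the Java-archive type, or a reference that is itself a .jar or a
    data: URI carrying one."""
    # For hostile input in production, parse with defusedxml instead of the
    # stdlib parser so the scanner itself is not exposed to entity expansion.
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        if el.tag not in ("{%s}script" % SVG_NS, "script"):
            continue
        stype = (el.get("type") or "").strip().lower()
        href = el.get("{%s}href" % XLINK_NS) or el.get("href") or ""
        path = href.split("?", 1)[0].split("#", 1)[0].lower()
        if (stype == JAVA_TYPE or path.endswith(".jar")
                or href.lower().startswith("data:" + JAVA_TYPE)):
            findings.append((href, stype))
    return findings


def is_safe_for_batik(svg_text):
    """True when no jar-loading <script> element is present."""
    return not find_jar_scripts(svg_text)


if __name__ == "__main__":
    for name, doc in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(name, find_jar_scripts(doc))
```

The filter is conservative: a `.jar` reference without the Java type is also flagged, since the cost of a false positive is one rejected SVG.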
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.xmlgraphics:batik (Maven) | < 1.16 | 1.16 |
Affected products
Five entries (package coordinates from the GitHub Security Advisory, four with version ranges):
- pkg:maven/org.apache.xmlgraphics/batik (no CPE), range: < 1.16
- pkg:rpm/opensuse/xmlgraphics-batik, openSUSE Leap 15.5 (no CPE), range: < 1.17-150200.4.7.1
- pkg:rpm/suse/xmlgraphics-batik, SUSE Linux Enterprise Module for Development Tools 15 SP5 (no CPE), range: < 1.17-150200.4.7.1
- pkg:rpm/suse/xmlgraphics-batik, SUSE Linux Enterprise Software Development Kit 12 SP5 (no CPE), range: < 1.17-2.7.1
- Apache Software Foundation / Apache XML Graphics (CVE v5 record), range: Batik
Patches
One patch: commit 905f368b50c2, "BATIK-1338: Block loading jar inside svg" (2 files changed, +20 −1)
batik-bridge/src/main/java/org/apache/batik/bridge/DefaultScriptSecurity.java+3 −1 modified@@ -20,6 +20,8 @@ Licensed to the Apache Software Foundation (ASF) under one or more import org.apache.batik.util.ParsedURL; +import static org.apache.batik.util.SVGConstants.SVG_SCRIPT_TYPE_JAVA; + /** * Default implementation for the <code>ScriptSecurity</code> interface. * It allows all types of scripts to be loaded, but only if they @@ -76,7 +78,7 @@ public DefaultScriptSecurity(String scriptType, ParsedURL docURL){ // Make sure that the archives comes from the same host // as the document itself - if (docURL == null) { + if (docURL == null || SVG_SCRIPT_TYPE_JAVA.equals(scriptType)) { se = new SecurityException (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL, new Object[]{scriptURL}));
batik-test-old/src/test/java/org/apache/batik/bridge/DefaultScriptSecurityTestCase.java+17 −0 modified@@ -22,6 +22,8 @@ Licensed to the Apache Software Foundation (ASF) under one or more import org.junit.Assert; import org.junit.Test; +import static org.apache.batik.util.SVGConstants.SVG_SCRIPT_TYPE_JAVA; + public class DefaultScriptSecurityTestCase { @Test public void testUrls() { @@ -37,4 +39,19 @@ public void testUrls() { "which comes from different location than the document itself. This is not allowed with the current " + "security settings and that script will not be loaded."); } + + @Test + public void testJarFile() { + ParsedURL docUrl = new ParsedURL(""); + ParsedURL scriptUrl = new ParsedURL("poc.jar"); + String ex = ""; + try { + new DefaultScriptSecurity(SVG_SCRIPT_TYPE_JAVA, scriptUrl, docUrl).checkLoadScript(); + } catch (SecurityException e) { + ex = e.getMessage(); + } + Assert.assertEquals(ex, "Could not access the current document URL when trying to load script file " + + "file:poc.jar. Script will not be loaded as it is not possible to verify it comes from the same location " + + "as the document."); + } }
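Review bot: in the DefaultScriptSecurity hunk, the new condition `if (docURL == null || SVG_SCRIPT_TYPE_JAVA.equals(scriptType))` reuses ERROR_CANNOT_ACCESS_DOCUMENT_URL, so a jar refused purely because of its script type is reported as "could not access the current document URL", which misstates the reason and hides the policy decision from anyone reading the exception or logs; add a dedicated message key for the Java-archive case, and update the comment `// Make sure that the archives comes from the same host` (which should also read "archive comes"), since it no longer describes what the branch does for Java scripts.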
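Review bot: in the testJarFile hunk, `Assert.assertEquals(ex, "Could not access the current document URL ...")` passes the actual value in the expected position (JUnit's order is expected, actual), so a failure prints the two swapped; more importantly, the test builds the document URL as `new ParsedURL("")`, so it never shows that a jar is refused when a valid, same-origin document URL is present, which is the case this change is meant to close. Add a second case with a non-empty docUrl and a same-host poc.jar and assert that checkLoadScript() still throws.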
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
Eleven references, as listed by the GitHub Security Advisory:
- github.com/advisories/GHSA-r29w-r9ph-vm76 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-41704 (advisory)
- security.gentoo.org/glsa/202401-11 (vendor advisory, web)
- www.debian.org/security/2022/dsa-5264 (vendor advisory, web)
- svn.apache.org/repos/asf/xmlgraphics/batik/trunk (web)
- www.openwall.com/lists/oss-security/2022/10/25/2 (mailing list, web)
- github.com/apache/xmlgraphics-batik/commit/905f368b50c2567cf2c4869a0ab596a7b1b5125c (web)
- issues.apache.org/jira/browse/BATIK-1338 (web)
- lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf (web)
- lists.debian.org/debian-lts-announce/2022/10/msg00038.html (mailing list, web)
- xmlgraphics.apache.org/security.html (web)
News mentions
No linked articles in our index yet.