Medium severity · OSV Advisory · Published Jan 27, 2026 · Updated May 6, 2026
CVE-2026-24807
Description
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with the program file SeekableOutputStream.java.
This issue affects quick-media: before v1.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.github.liuyueyi.media:batik-codec-fix (Maven) | <= 3.0.0 | — |
Affected products
- Range: v0.001, v0.002, v0.003, …
Patches
- 3970e967f666: Fix Buffer Overflow Vulnerability in PNG Codec
1 file changed · +9 −1
plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util/SeekableOutputStream.java+9 −1 modified@@ -59,9 +59,17 @@ public void write(byte[] b) throws IOException { } public void write(byte[] b, int off, int len) throws IOException { - file.write(b, off, len); + if (b == null) { + throw new NullPointerException(); } + if (off < 0 || len < 0 || len > b.length || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } + + file.write(b, off, len); +} + /** * Invokes <code>getFD().sync()</code> on the underlying * <code>RandomAccessFile</code>.
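Review bot: In the new checks in `write(byte[] b, int off, int len)`, both `NullPointerException` and `ArrayIndexOutOfBoundsException` are thrown with no message, so a caller hitting the guard cannot tell which of `off`, `len` or `b.length` was rejected. Include the three values in the exception message, or on Java 9 and later replace the hand-written condition with `Objects.checkFromIndexSize(off, len, b.length)`, which throws `IndexOutOfBoundsException` with a descriptive message. The condition itself is ordered correctly: `len > b.length` is tested before `off > b.length - len`, so the subtraction cannot go negative and the check does not rely on `off + len`, which could overflow; a one-line comment saying so would stop a later cleanup from rewriting it in the overflow-prone form. The change touches one file and adds no test, so a regression test covering a negative `off`, a negative `len`, `len > b.length` and an `off`/`len` pair whose sum exceeds `Integer.MAX_VALUE` should accompany it.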
References
- github.com/advisories/GHSA-23f4-hfmq-94mj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-24807 (ghsa, ADVISORY)
- github.com/liuyueyi/quick-media/commit/3970e967f6661328a5544fd0b977dac1a35e380b (ghsa, WEB)
- github.com/liuyueyi/quick-media/pull/123 (nvd, WEB)
- github.com/github/advisory-database/pull/7438 (nvd)
- github.com/liuyueyi/quick-media/pull/123 (nvd)