VYPR

Maven package

ome/pom-bio-formats

pkg:maven/ome/pom-bio-formats

Vulnerabilities (2)

  • CVE-2026-22187Jan 7, 2026
    affected <= 8.3.0

    Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without vali

  • CVE-2026-22186Jan 7, 2026
    affected <= 8.3.0

    Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, all