Posted to batik-dev@xmlgraphics.apache.org by "Simon Steiner (Jira)" <ji...@apache.org> on 2022/09/22 12:10:00 UTC
[jira] [Updated] (BATIK-1333) Block external resource before calling fop
[ https://issues.apache.org/jira/browse/BATIK-1333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simon Steiner updated BATIK-1333:
---------------------------------
Description:
We should block external resource before fop is called

    PDFTranscoder transcoder = new PDFTranscoder();
    TranscoderInput xIn = new TranscoderInput(new FileInputStream("test.svg"));
    TranscoderOutput xOut = new TranscoderOutput(new ByteArrayOutputStream());
    transcoder.addTranscodingHint(PDFTranscoder.KEY_AUTO_FONTS, false);
    transcoder.addTranscodingHint(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, false);
    transcoder.transcode(xIn, xOut);

CVE-2022-38648
was:
We should block external resource before fop is called

    PDFTranscoder transcoder = new PDFTranscoder();
    TranscoderInput xIn = new TranscoderInput(new FileInputStream("test.svg"));
    TranscoderOutput xOut = new TranscoderOutput(new ByteArrayOutputStream());
    transcoder.addTranscodingHint(PDFTranscoder.KEY_AUTO_FONTS, false);
    transcoder.addTranscodingHint(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, false);
    transcoder.transcode(xIn, xOut);

> Block external resource before calling fop
> ------------------------------------------
>
> Key: BATIK-1333
> URL: https://issues.apache.org/jira/browse/BATIK-1333
> Project: Batik
> Issue Type: Bug
> Reporter: Simon Steiner
> Assignee: Simon Steiner
> Priority: Major
> Fix For: 1.15
>
> Attachments: test.svg
>
>
> We should block external resource before fop is called
>
>     PDFTranscoder transcoder = new PDFTranscoder();
>     TranscoderInput xIn = new TranscoderInput(new FileInputStream("test.svg"));
>     TranscoderOutput xOut = new TranscoderOutput(new ByteArrayOutputStream());
>     transcoder.addTranscodingHint(PDFTranscoder.KEY_AUTO_FONTS, false);
>     transcoder.addTranscodingHint(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, false);
>     transcoder.transcode(xIn, xOut);
>
> CVE-2022-38648
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
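
A defence-in-depth pre-flight check for the call sequence in the issue above, as an added example that is not part of the original message and is not Batik's fix: it parses the SVG with a hardened JDK parser and lists every href/xlink:href or url(...) target that is neither a same-document fragment nor a data: URI, so the caller can refuse the file before transcode() is reached. The class and method names are hypothetical, the sample SVG is constructed, and the text content of <style> elements is not inspected.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Hypothetical helper (not a Batik class): lists external references in an SVG.
public class SvgExternalRefCheck {
    private static final Pattern CSS_URL = Pattern.compile("url\\(\\s*['\"]?([^'\")\\s]+)");

    // Same-document fragments (#id) and inline data: URIs need no fetch.
    static boolean isExternal(String target) {
        String t = target.trim().toLowerCase(Locale.ROOT);
        return !t.isEmpty() && !t.startsWith("#") && !t.startsWith("data:");
    }

    static List<String> externalRefs(byte[] svg) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE so the check itself never resolves external entities or DTDs.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(svg));
        List<String> found = new ArrayList<>();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            NamedNodeMap attrs = all.item(i).getAttributes();
            for (int j = 0; j < attrs.getLength(); j++) {
                Node a = attrs.item(j);
                String where = all.item(i).getNodeName() + "@" + a.getNodeName() + " -> ";
                if ("href".equals(a.getLocalName()) && isExternal(a.getNodeValue()))
                    found.add(where + a.getNodeValue());
                Matcher m = CSS_URL.matcher(a.getNodeValue());   // fill="url(...)", style="..."
                while (m.find())
                    if (isExternal(m.group(1))) found.add(where + m.group(1));
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one remote image, one local <use>, one inline data: image.
        String svg = "<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'>"
            + "<image xlink:href='http://example.invalid/a.png' width='1' height='1'/>"
            + "<use xlink:href='#local'/>"
            + "<image href='data:image/png;base64,AAAA' width='1' height='1'/></svg>";
        List<String> refs = externalRefs(svg.getBytes(StandardCharsets.UTF_8));
        System.out.println(refs.isEmpty() ? "OK to transcode" : "Rejected: " + refs);
    }
}
```

A non-empty result means the file should be rejected or logged before it is handed to the transcoder, independently of the KEY_ALLOW_EXTERNAL_RESOURCES hint.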