com.drewnoakes:metadata-extractor@2.11.0 vulnerabilities
-
latest version
2.19.0
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
4 months ago
-
licenses detected
- [2.6.2,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.drewnoakes:metadata-extractor package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.drewnoakes:metadata-extractor is a Java library for reading metadata from image files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,2.18.0)
|
com.drewnoakes:metadata-extractor is a Java library for reading metadata from image files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via a specially crafted JPEG file, that when read can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,2.18.0)
|
com.drewnoakes:metadata-extractor is a Java library for reading metadata from image files. Affected versions of this package are vulnerable to Buffer Overflow. Extraction of light source metadata data from an invalid/corrupt image file can lead to an infinite loop recursion within How to fix Buffer Overflow? Upgrade |
[0,v2.13.0)
|