com.drewnoakes:metadata-extractor@2.14.0 vulnerabilities
latest version
2.19.0
latest non vulnerable version
first published
15 years ago
latest version published
1 years ago
licenses detected
- [2.6.2,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.drewnoakes:metadata-extractor package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
com.drewnoakes:metadata-extractor is a Java library for reading metadata from image files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,2.18.0) |
com.drewnoakes:metadata-extractor is a Java library for reading metadata from image files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via a specially crafted JPEG file, that when read can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,2.18.0) |