[BATIK-1333] Block external resource before calling fop - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15
Component/s: None
Labels:
None

Description

We should block external resource before fop is called

PDFTranscoder transcoder = new PDFTranscoder();
TranscoderInput xIn = new TranscoderInput(new FileInputStream("test.svg"));
TranscoderOutput xOut = new TranscoderOutput(new ByteArrayOutputStream());
transcoder.addTranscodingHint(PDFTranscoder.KEY_AUTO_FONTS, false);
transcoder.addTranscodingHint(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, false);
transcoder.transcode(xIn, xOut);

CVE-2022-38648

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

test.svg
22/Aug/22 09:23
0.2 kB
Simon Steiner

Activity

People

Assignee:: Simon Steiner

Reporter:: Simon Steiner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Aug/22 09:22

Updated:: 22/Sep/22 12:09

Resolved:: 22/Aug/22 09:24