
CVE-2005-0406

Open JamesAnthonyPino opened this issue 7 years ago • 2 comments

When running an NVD (National Vulnerability Database) check against this library, CVE-2005-0406 was revealed to be a risk. This check was run using lein nvd check. It is very likely that this vulnerability is due to the dependency com.jhlabs/filters v2.0.235-1, which has the same CVE report. It is unclear if an alternative library can be used to resolve this issue.

JamesAnthonyPino, Jul 09 '18 20:07

FYI: I just ran both nvd-clojure and clj-watson (latest versions) and neither of them flagged any CVEs in imagez or its dependencies.

seancorfield, Sep 27 '22 19:09

I doubt it's a serious risk here. Potential information leak on image processing tools, which probably doesn't affect our use cases in any way. imagez is only really about the pixels, not image metadata.

mikera, Oct 04 '22 10:10