CVE-2022-34169 - Integer Truncation Issue

Severity: None

2022-10-13

Abstract

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected.

The Oxygen products incorporate Apache Xalan Java as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen XML Author v25.0 and older | None | N/A |
| Oxygen XML Developer v25.0 and older | None | N/A |
| Oxygen XML Editor v25.0 and older | None | N/A |

Mitigation

None

Detail

CVE-2022-34169

Severity: High

CVSS Score: 7.5

The version of the Apache Xalan Java third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2022-34169 vulnerability description. However, Oxygen XML products do not use Apache Xalan Java to generate Java classes from XSLT. For that reason, our products are not affected by this vulnerability.
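
One way to check the same condition in your own Java application, that is, whether stylesheets are routed through Xalan's XSLTC compiler, is sketched below. This is an added example, not code from Oxygen or the Apache Xalan project; the class name `XsltcUsageCheck` is hypothetical, and the two factory class names are the ones Xalan Java ships.

```java
import java.security.CodeSource;
import javax.xml.transform.TransformerFactory;

public class XsltcUsageCheck {
    // Xalan Java ships two processors; only XSLTC compiles stylesheets to Java classes.
    static final String XSLTC = "org.apache.xalan.xsltc.trax.TransformerFactoryImpl";
    static final String INTERPRETIVE = "org.apache.xalan.processor.TransformerFactoryImpl";

    /** Returns where a class is loaded from, or null when it is not on the classpath. */
    static String locate(String className) {
        try {
            Class<?> c = Class.forName(className, false,
                    XsltcUsageCheck.class.getClassLoader());
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return src == null ? "(runtime image)" : String.valueOf(src.getLocation());
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    /** True when the factory class is, or extends, Xalan Java's XSLTC factory. */
    static boolean isXalanXsltc(Class<?> factory) {
        for (Class<?> c = factory; c != null; c = c.getSuperclass()) {
            if (c.getName().equals(XSLTC)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // JAXP lookup: this system property, when set, takes precedence.
        String override = System.getProperty("javax.xml.transform.TransformerFactory");
        Class<?> resolved = TransformerFactory.newInstance().getClass();

        System.out.println("Property override    : " + override);
        System.out.println("Resolved factory     : " + resolved.getName());
        System.out.println("Xalan XSLTC jar      : " + locate(XSLTC));
        System.out.println("Xalan interpretive   : " + locate(INTERPRETIVE));
        System.out.println("Default path is XSLTC: " + isXalanXsltc(resolved));
        // Code that instantiates the XSLTC factory by name bypasses the default
        // lookup, so also search the code base for the XSLTC class name above.
    }
}
```

Run it with the same classpath and JVM options as the application under review, since the resolved factory depends on both.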
