CVE-2022-34169 - Integer Truncation Issue

Severity: None2022-10-13

Security Advisories


The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected.

The Oxygen products incorporate Apache Xalan Java as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Author v25.0 and olderNone N/A
Oxygen XML Developer v25.0 and olderNone N/A
Oxygen XML Editor v25.0 and olderNone N/A





Severity: High

CVSS Score: 7.5

The Apache Xalan Java third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-34169 vulnerability description. However, Oxygen XML products does not use Apache Xalan Java to generate Java classes from XSLT. For that reason, our products are not affected by this vulnerability.

List of Security Advisories