Quick-Media Batik Codec FIX package has Code Injection vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.

This issue affects all quick-media versions. A patch is available: e52fcee

References

Published by the National Vulnerability Database Jan 27, 2026

Published to the GitHub Advisory Database Jan 27, 2026

Reviewed Jan 28, 2026

Last updated Jan 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Improper Control of Generation of Code ('Code Injection')

CVE ID

GHSA ID

Source code

Uh oh!