Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2005-0406 #39

Open
JamesAnthonyPino opened this issue Jul 9, 2018 · 2 comments
Open

CVE-2005-0406 #39

JamesAnthonyPino opened this issue Jul 9, 2018 · 2 comments
Labels
wontfix

Comments

@JamesAnthonyPino
Copy link

When running a NVD (National Vulnerability Database) check against this library, CVE-2005-0406 was revealed to be a risk. This check was run using lein nvd check. It is very likely that this vulnerability is due to the dependency com.jhlabs/filters v2.0.235-1, which has the same CVE report. It is unclear if an alternative library can be used to resolve this issue.
@seancorfield
Copy link
Contributor

FYI: I just ran both nvd-clojure and clj-watson (latest versions) and neither of them flagged any CVEs in imagez or its dependencies.

@mikera
Copy link
Owner

mikera commented Oct 4, 2022

I doubt it's a serious risk here. Potential information leak on image processing tools, which probably doesn't affect our use cases in any way. imagez is only really about the pixels, not image metadata.

@mikera mikera added the wontfix label Oct 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seancorfield @mikera @JamesAnthonyPino