CVE-2026-24807: Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec

January 27, 2026 (updated January 28, 2026)

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.

References

github.com/advisories/GHSA-23f4-hfmq-94mj
github.com/liuyueyi/quick-media
github.com/liuyueyi/quick-media/commit/3970e967f6661328a5544fd0b977dac1a35e380b
github.com/liuyueyi/quick-media/pull/123
nvd.nist.gov/vuln/detail/CVE-2026-24807

Code Behaviors & Features

Detect and mitigate CVE-2026-24807 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →