CNNVD-202601-1147 Information
CNNVD ID
CNNVD-202601-1147
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
Bio-Formats是Open Microscopy Environment开源的一个读取和写入各种显微成像专有文件格式的Java库。 Bio-Formats 8.3.0及之前版本存在代码问题漏洞,该漏洞源于Leica Microsystems元数据解析组件存在XML外部实体漏洞,可能导致服务端请求伪造、本地资源访问或拒绝服务。
Description (English)
Bio-Formats is a Java library that reads and writes into various microimage-specific file formats from Open Microscopy Environment. Bio-Formats 8.3.0 and previous versions had a code problem loophole, which stemmed from the presence of an XML external entity gap in the Leica Microsystems metadata analysis component, which could lead to a service-side request for forgery, local resource access or denial of service.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Open Microscopy Environment
Published
2026-01-07
Last Modified
2026-02-24
References
https://docs.openmicroscopy.org/bio-formats/ https://seclists.org/fulldisclosure/2026/Jan/6 https://www.vulncheck.com/advisories/bio-formats-xxe-in-leica-xlef-metadata-parser
Share on: