CNNVD-202601-1148 Information
CNNVD ID
CNNVD-202601-1148
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
Bio-Formats是Open Microscopy Environment开源的一个读取和写入各种显微成像专有文件格式的Java库。 Bio-Formats 8.3.0及之前版本存在代码问题漏洞,该漏洞源于对攻击者控制的.bfmemo缓存文件执行不安全的Java反序列化,可能导致拒绝服务、逻辑操纵或远程代码执行。
Description (English)
Bio-Formats is a Java library that reads and writes into various microimage-specific file formats from Open Microscopy Environment. Bio-Formats 8.3.0 and previous versions had a code problem loophole, which stemmed from the unsafe Java back-sequencing of the .bfmemo cache file over the attackers, which could lead to the denial of services, logical manipulation or remote code execution.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Open Microscopy Environment
Published
2026-01-07
Last Modified
2026-02-24
References
https://docs.openmicroscopy.org/bio-formats/ https://seclists.org/fulldisclosure/2026/Jan/7 https://www.vulncheck.com/advisories/bio-formats-memoizer-unsafe-deserialization-via-bfmemo-cache-files
Share on: