CVE-2026-24806
- Source
- https://cve.org/CVERecord?id=CVE-2026-24806
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24806.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24806
- Aliases
- Published
- 2026-01-27T09:15:50.743Z
- Modified
- 2026-01-29T06:51:18.763231Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber CVSS Calculator
- Summary
- [none]
- Details
-
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.
This issue affects quick-media: before v1.0.
- References
Affected packages
Git / github.com/liuyueyi/quick-media
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liuyueyi/quick-media
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24806.json"
vanir_signatures
[
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 212.0,
"function_hash": "133985458931136974083308952967046502120"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "lunarMonthToChinese"
},
"id": "CVE-2026-24806-0073626a"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"143588447634546332572248594508445712282",
"238706059907774579820390181796393388222",
"66605439906492414024481115058488071684",
"291587806786052033829369996629962719833",
"170527377415383449649275658196964620094",
"110606388158184643810532193876000452812",
"283305717280512576983672842174011997304",
"78748701094841574212597086354168071587"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/date-plugin/src/test/java/com/github/hui/quick/plugin/test/ChineseDateTest.java"
},
"id": "CVE-2026-24806-0b047bd3"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 120.0,
"function_hash": "224855106687103036519092972892590779966"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/image-plugin/src/main/java/com/github/hui/quick/plugin/image/util/StrListUtil.java",
"function": "toArray"
},
"id": "CVE-2026-24806-0f4787b8"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"314700537272755590928750392727277413456",
"17414265512693038306609738982582304720",
"273662676936391337492498201825804540673",
"122986050669700642106032513190487199951",
"165165851803642793755447244665874594129",
"317167025731530009216612509847461280216",
"264893351297939156816579194553038124007",
"233407643121195832081277259330117299516",
"35314175771711566349641951130059161953",
"269526281643529452442626515757309336552",
"339344237319262050539951685802775858334",
"122929009476424965270458698285661974481",
"250240446094430943953409257337617959400",
"262268958264987399480045158960359756739",
"26967263970487966920256117395657180606",
"325702537464833029659918524001012634807",
"286535219296180748642778267434535328203",
"219152196416134111208976979421933197478",
"316065928907959104453818318886620088322",
"327497768863916891822169464247492542886",
"284585674563937377772782152114046690295",
"81632614615847220740732222774278637129",
"217010313269076349141463569370731894090",
"270136921650170316483038439983531931114",
"317252226118099373088300961459086238403",
"161805535196585695044683101330408472267",
"154457625951925768074513471351112815102",
"110407584779178314280175621087102999866"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/base-plugin/src/main/java/com/github/hui/quick/plugin/base/FileWriteUtil.java"
},
"id": "CVE-2026-24806-1dac07bc"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"62433844824187468332730286525437368214",
"127887869827916841096968080320397907858",
"277849609462560759495127555935849980951",
"92829781544269656757499447589446500699"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/image-plugin/src/main/java/com/github/hui/quick/plugin/image/util/StrListUtil.java"
},
"id": "CVE-2026-24806-27aed820"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 110.0,
"function_hash": "284309869836392751058659095955336591049"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/base-plugin/src/main/java/com/github/hui/quick/plugin/base/FileWriteUtil.java",
"function": "getTmpPath"
},
"id": "CVE-2026-24806-2b571d56"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 136.0,
"function_hash": "62037508382022081010827188569474478583"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "hourToChinese"
},
"id": "CVE-2026-24806-2c8dbae7"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 469.0,
"function_hash": "190216902542992669018090269331826932336"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "getNowLunarDate"
},
"id": "CVE-2026-24806-43bdd640"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"205504032730981125958703815043777434357",
"123582755059348198831895565723490776358",
"338379803881240107024792049072198883152",
"9276177922876059672894447009366539226",
"138660393788950803622621953741485252590",
"245289670535760511847486241701344028879",
"267948592999772922339352477031385176302",
"264599446524469429660487993695438290686",
"330157294280794479685887017740960816518",
"227204020987752327837009274999196709458",
"119223949491964241308100562746668824084",
"39506798953296566648322768503408953263",
"253463046669102459638520387933347730282",
"126024108702271737783110960473050229517",
"130328895026762278315016401910437639171",
"17857712012022939726385448560430858198",
"274628409492346089817330694766184653218",
"295807269879532452596063497860259438975",
"253278067761607906513717562838698368780",
"221039780668319136508024267844719782372",
"147914398185068036062456441361580218194",
"132110304326467236157689065884654903376",
"179989575988014918969673201231781248993",
"227968002593727273511562451358523367414",
"269787111647796149340936682234115847690",
"133364211972867668616323789562149909334",
"252026551889188727662251370969545171565",
"213521490766326118686414848620271215117",
"187493549841290377596589909503943906079",
"329347760351864598708317081693332230385",
"123692849224752554492189048665132302643",
"248187515066610733858774046016786834729",
"174364444524248507722057607169914455664",
"242172871030419858483931315892828256833",
"131862286566762245150178118591197473128",
"328270224827581436541413697422389338322",
"159296811161955305373355863473536084414",
"10719994504174796603743827565371010",
"14723271705166687526719826751205278826",
"264400670131117399346203966465427949452",
"155475825364506025710876678830175740206",
"169395882466887295879794191673656702558",
"300655708163841448299146300559925770531",
"50603420880952905449613427687201612602",
"139225198669038800122799135501432615312",
"37142207151161699148551864851843514952",
"217151284510112729763212421038485056411",
"193779915568999314034249275266409204398",
"21346014075088729418838723767730229993"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java"
},
"id": "CVE-2026-24806-50beec72"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 150.0,
"function_hash": "70413470618776370088116766114422569544"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "asStream"
},
"id": "CVE-2026-24806-696fccb3"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 246.0,
"function_hash": "123900463029372652306670108634234463664"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "lunarDayToChinese"
},
"id": "CVE-2026-24806-71c51b7b"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 49.0,
"function_hash": "24613560233047016535892289466071329727"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "getNowLunarDate"
},
"id": "CVE-2026-24806-75186501"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"137430098050455529665615686658639298487",
"192818078139785591742516227914457469340",
"50341632573053213457320985555735424015",
"315248636843648194141846129888524262170",
"116924792850941599979372338976075355900",
"140760845845935486816045392607451937987",
"255810058112299375427063722814064092096"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/phantom-plugin/src/main/java/com/github/hui/quick/plugin/phantom/Html2ImageByJsWrapper.java"
},
"id": "CVE-2026-24806-8abff8a1"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 102.0,
"function_hash": "135734161104185293757532799141937679004"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "of"
},
"id": "CVE-2026-24806-8e363aae"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 106.0,
"function_hash": "34753085874957069049390369267182481333"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/base-plugin/src/main/java/com/github/hui/quick/plugin/base/FileWriteUtil.java",
"function": "genTempFileName"
},
"id": "CVE-2026-24806-bda19682"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 354.0,
"function_hash": "25156485155344010764116768201276439498"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/phantom-plugin/src/main/java/com/github/hui/quick/plugin/phantom/Html2ImageByJsWrapper.java",
"function": "getPhantomJs"
},
"id": "CVE-2026-24806-ca1122dc"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 539.0,
"function_hash": "249476228139240004556182540192206364905"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "builder"
},
"id": "CVE-2026-24806-cab2ccbf"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"line_hashes": [
"246555574334969771639171213786394068633",
"311670058690317279338176936134350841567",
"166986087920853472713804709037763009749",
"135202348951026976275036754549058498998",
"59898637628015660672792252887201146393",
"237595723986739559763242907452547490357",
"296813761762454127400505114894215424413",
"326220539354755276384185404599456910370",
"30990427303348842818455897377374765970",
"189366319037949689317331832434369985053",
"129427321554683597607376431846109430654",
"223173951229679482090499715998569982571",
"209631787050938358176619210752324777630",
"18985484495013406532311611677454562454",
"82794568687316045337389179385854959226",
"234074990832256920360737512765656732972",
"325487319580052847096356030015044994069",
"123567339036404536800584455398151171649",
"154615222311356117017819387294785175503",
"255881579357492566523855828352776924142",
"171255799568170406801472508265127801379",
"284458599221291609317032688250648531293",
"330616618679825964543275995960636941210",
"26738785823900276895782007324032536803",
"334403011989226997216143889461021589132",
"185666879563902326785511276016369866742",
"237559990588291567829665611144059227342",
"40937641854044291091721782657293483545",
"24654933337190869846670027330979445526",
"61538893876123518522238940644028830945",
"272123267835154834268550584225782714734",
"272852137923314393531495560025961754215",
"261897284350657666532987439901521431747",
"286544898156906225814903710510616766258",
"136971258137020363992124923221979430432",
"208989713695330603411030135513876897862",
"86900723587811449099176648362392537917",
"49401238373358749148079447852396130175",
"306369855437337945136684908507924515907",
"68637222775910321456001246190710004109"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java"
},
"id": "CVE-2026-24806-cc5e3133"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 148.0,
"function_hash": "249659723703476991777180578093401132236"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/test/java/com/github/hui/quick/plugin/test/ChineseDateTest.java",
"function": "testDate2Lunar"
},
"id": "CVE-2026-24806-ccee6c03"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 102.0,
"function_hash": "135734161104185293757532799141937679004"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "of"
},
"id": "CVE-2026-24806-d86e7aa3"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 102.0,
"function_hash": "135734161104185293757532799141937679004"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "of"
},
"id": "CVE-2026-24806-db61f84d"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 118.0,
"function_hash": "29001964291936664690867476481985413877"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/audio-plugin/src/main/java/com/github/hui/quick/plugin/audio/AudioWrapper.java",
"function": "asFile"
},
"id": "CVE-2026-24806-dc858115"
},
{
"source": "https://github.com/liuyueyi/quick-media/commit/a8b5d8da1ffc6a93a7d2caeab87b62e2b6f5b945",
"digest": {
"length": 111.0,
"function_hash": "195119430905264466785628782754624977879"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "plugins/date-plugin/src/main/java/com/github/hui/quick/plugin/date/ChineseDateExtendTool.java",
"function": "lunarYearToGanZhi"
},
"id": "CVE-2026-24806-eb29b1e8"
}
]