CVE-2026-33582

Source
https://cve.org/CVERecord?id=CVE-2026-33582
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33582.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33582
Published
2026-06-09T07:34:02.379Z
Modified
2026-07-08T08:12:49.998738440Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Details

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "2.0.0"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "2.0.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33582.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-434"
    ]
}
References

Affected packages

Git / github.com/apache/answer

Affected ranges

Type
GIT
Repo
https://github.com/apache/answer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.1"
        }
    ]
}

Affected versions

v0.*
v0.4.0
v1.*
v1.0.1
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.0-RC1
v1.2.1
v1.2.1-RC1
v1.6.0
v1.6.0-RC1
v1.7.0
v1.7.0-RC1
v2.*
v2.0.0
v2.0.0-RC1
v2.0.0-RC2
v2.0.1-RC1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33582.json"