CVE-2026-33582
CVE-2026-33582 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | < 2.0.1 |
References
- https://lists.apache.org/thread/3sgpx4cwsgpnt66xv3cqvtc8z4st1kbq (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/06/09/5 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
