CVE-2026-33582

Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

CVSS 6.5 MEDIUMEPSS 0.5%CWE-434

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Apache Software Foundation · Apache Answer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/3sgpx4cwsgpnt66xv3cqvtc8z4st1kbq http://www.openwall.com/lists/oss-security/2026/06/09/5