CVE-2022-39259

LOW

jadx < 1.4.5 - Denial of Service via HTML Sequences in Zip Files

Title source: llm

Description

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/skylot/jadx/security/advisories/GHSA-3r7j-8mqh-6qhx

Scores

CVSS v3 3.3

EPSS 0.0031

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

io.github.skylot/jadx-plugins-api 0 - 1.4.5Maven

jadx_project/jadx < 1.4.5

Published Oct 21, 2022

Tracked Since Feb 18, 2026