Bug 2274494 (CVE-2024-23076) - CVE-2024-23076 jfreechart: Null pointer exception
Summary: CVE-2024-23076 jfreechart: Null pointer exception
Keywords:
Status: NEW
Alias: CVE-2024-23076
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2274496 2274498 2274497
Blocks: 2274511
Reported: 2024-04-11 11:45 UTC by ybuenos
Modified: 2024-04-22 08:55 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A null pointer exception vulnerability was found in JFreeChart. In the generateLabelString method, a NullPointerException is thrown if the dataset parameter is null.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description ybuenos 2024-04-11 11:45:55 UTC
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.

http://jfreechart.com
https://gist.github.com/LLM4IG/115de1f7c3051403f0301cee0d293518
https://github.com/jfree/jfreechart

Comment 1 ybuenos 2024-04-11 11:48:03 UTC
Created bionetgen tracking bugs for this issue:

Affects: epel-all [bug 2274496]
Affects: fedora-all [bug 2274497]


Created jfreechart tracking bugs for this issue:

Affects: fedora-all [bug 2274498]

Comment 4 Guillaume Smet 2024-04-17 12:47:00 UTC
Hi,

I think we need to be careful about all these NPE security issues opened in random Java Open Source projects lately.

They are most probably generated by an AI and invalid: passing null as a parameter and getting an NPE is not surprising at all and most of the time won't lead to any security issue.

For instance, see Joda Time's response for a similar "CVE" opened recently: https://www.joda.org/joda-time/security.html

** DISPUTED ** Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Posting here but I saw several others coming.

Comment 5 Zbigniew Jędrzejewski-Szmek 2024-04-22 08:55:36 UTC
Yeah. A NullPointerException in Java is just an exception, and that usually means that either the calling code will catch it and possibly display an error dialogue, or not catch it and the program will terminate with a backtrace. It may be a _bug_, but it hardly seems relevant for security.
