CVE-2022-39259: 
Java vulnerability analysis and mitigation

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. A vulnerability was discovered affecting versions prior to 1.4.5, identified as CVE-2022-39259. The issue was disclosed on October 20, 2022, and involves a Denial of Service condition when opening zip files containing specific HTML sequences (GitHub Advisory, NVD).

The vulnerability occurs in the jadx-gui component when processing zip files containing HTML sequences. When such files are opened, the interface becomes unresponsive and throws exceptions, specifically a RuntimeException with the message "Can't build aframeset, BranchElement(frameset) 1,3 :no ROWS or COLS defined" in the HTMLEditorKit$HTMLFactory.create method. The issue relates to the HTML rendering feature in Swing components (GitHub Advisory).

When exploited, this vulnerability causes the jadx-gui interface to become unresponsive and throw exceptions, effectively creating a Denial of Service condition. This prevents users from properly using the tool for analyzing Android Dex and Apk files (GitHub Advisory).

The vulnerability has been patched in version 1.4.5 of jadx. Users should upgrade to this version or later to mitigate the issue. For earlier versions, there are no known workarounds (NVD).