Posted to dev@tika.apache.org by Tim Allison <ta...@apache.org> on 2018/04/25 17:01:30 UTC
[CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser
CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: <1.18
Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's BPGParser.
Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.
Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
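
One way to apply the "turn off the BPGParser" mitigation where an upgrade is not yet possible. This is an added example, not part of the original advisory. It assumes a Tika version whose tika-config.xml supports parser-exclude on DefaultParser and that the parser class is org.apache.tika.parser.image.BPGParser:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml (example file name): keep every default parser
     except BPGParser, so BPG files are no longer routed to it. -->
<properties>
  <parsers>
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- Exclude the parser affected by CVE-2018-1338 -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

Load the file through TikaConfig and pass that config to AutoDetectParser, then confirm BPGParser no longer appears among the configured parsers.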