You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Tim Allison <ta...@apache.org> on 2018/12/22 15:28:14 UTC
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in
Tika's SQLite3Parser
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in
Tika's SQLite3Parser
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.8 to 1.19.1
Description:
A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
Mitigation:
Apache Tika users should upgrade to 1.20 or later.
Credit:
This issue was discovered by Tim Allison on the Apache Tika Team.