You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Tim Allison <ta...@apache.org> on 2019/08/02 11:33:38 UTC

[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper

Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika  1.7 to 1.21

Description:
A carefully crafted or corrupt zip file can cause an OOM in Apache
Tika's RecursiveParserWrapper in versions 1.7-1.21.


Mitigation:
Apache Tika users should upgrade to 1.22 or later.


Credit:
This issue was discovered by RunningSnail.