ApacheCVELIST:CVE-2018-1338

HistoryApr 25, 2018 - 12:00 a.m.

CVE-2018-1338

2018-04-2500:00:00

apache

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika’s BPGParser in versions of Apache Tika before 1.18.

CNA Affected

[
  {
    "product": "Apache Tika",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.18"
      }
    ]
  }
]

References

access.redhat.com/errata/RHSA-2018:2669

lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E