Apache Tika is vulnerable to denial of service (DoS). When Tika parses a malicious file supplied by an attacker, the file invokes a System.exit in Tika’s OneNote Parser, subsequently causing infinite loops or out-of-memory exceptions in Tika’s ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser.
CPE Name | Operator | Version
---|---|---
apache tika parsers | le | 1.24
apache tika parsers | le | 1.2
apache tika parser modules | le | 1.24
apache tika parser modules | le | 1.2
github.com/apache/tika/compare/f7f1be6ae18bc5a48701dc47d1378ceb8d7bbc67...e9b2c38663f61dce533d9490afa32e88221d5c73
lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2020.html