Lucene search
Veracode Vulnerability DatabaseVERACODE:35579HistoryMay 17, 2022 - 4:11 p.m.
Denial Of Service (DoS)
2022-05-1716:11:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.001 Low
EPSS
Percentile
20.6%
org.apache.tika, tika is susceptible to denial of service. This vulnerability exists in the extractMetadata function in BPGParser.java due to invalid memory allocation which allows an attacker to crash the system via a crafted file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache tika | le | 2.3.0 | |
| apache tika | le | 1.28.1 | |
| apache tika | le | 2.3.0 | |
| apache tika | le | 1.28.1 |
References
www.openwall.com/lists/oss-security/2022/05/16/4
github.com/advisories/GHSA-7qcq-xp2f-56f6
github.com/apache/tika/commit/9a144ab1666a41d469b3318025dc9a695be3ef70
github.com/apache/tika/commit/ab709a5299be867c0e603116491faaa6546ed889
lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk
security.netapp.com/advisory/ntap-20220804-0004/
www.openwall.com/lists/oss-security/2022/05/16/4
www.oracle.com/security-alerts/cpujul2022.html
Related
osv
osv
Apache Tika vulnerable to uncontrolled memory consumption
2022-05-17 00:00:36
CVE-2022-25169
2022-05-16 17:15:09
ubuntucve
ubuntucve
CVE-2022-25169
2022-05-16 00:00:00
prion
prion
Memory corruption
2022-05-16 17:15:00
github
github
Apache Tika vulnerable to uncontrolled memory consumption
2022-05-17 00:00:36
debiancve
debiancve
CVE-2022-25169
2022-05-16 17:15:09
ibm
ibm
cvelist
cvelist
CVE-2022-25169 Apache Tika BPGParser Memory Usage DoS
2022-05-16 17:05:11
cve
cve
CVE-2022-25169
2022-05-16 17:15:09
nvd
nvd
CVE-2022-25169
2022-05-16 17:15:09
openvas
openvas
Apache Tika Server < 1.28.2, 2.x < 2.4.0 Multiple Vulnerabilities
2022-05-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00