tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Allison <talli...@apache.org>
Subject [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper
Date Fri, 02 Aug 2019 11:33:38 GMT
Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika  1.7 to 1.21

Description:
A carefully crafted or corrupt zip file can cause an OOM in Apache
Tika's RecursiveParserWrapper in versions 1.7-1.21.


Mitigation:
Apache Tika users should upgrade to 1.22 or later.


Credit:
This issue was discovered by RunningSnail.

Mime
View raw message