www-announce mailing list archives

From Tim Allison <talli...@apache.org>
Subject [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser
Date Wed, 25 Apr 2018 17:01:30 GMT
CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser


Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's BPGParser.

Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
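
Added example, not part of the original advisory or of Apache Tika's own documentation: one way to apply the "turn off the BPGParser" mitigation is a `tika-config.xml` that keeps the default parser set but excludes BPG. It assumes the Tika version in use supports `parser-exclude` in its configuration file and that the parser class is `org.apache.tika.parser.image.BPGParser`, as in the Tika 1.x source tree.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml: added example, assumptions noted in the lead-in -->
<properties>
  <parsers>
    <!-- Keep every parser DefaultParser would normally load ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the BPG parser affected by CVE-2018-1338 -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

With this file loaded (for example `new TikaConfig(...)` passed to `AutoDetectParser`, or `--config=tika-config.xml` with tika-app), BPG files are no longer routed to BPGParser. Upgrading to Tika >=1.18 remains the fix named in the advisory.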
