CVE-2018-1339 – DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser.

Mitigation: Turn off the ChmParser or upgrade to Apache Tika >=1.18.
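
Added example (not part of the original advisory): a tika-config.xml that turns off the ChmParser for deployments that cannot upgrade yet. It assumes parsing goes through Tika's DefaultParser/AutoDetectParser and that the configuration file is loaded by the application.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: exclude the CHM parser from Tika's default parser set. -->
<properties>
  <parsers>
    <!-- DefaultParser loads every parser found on the classpath ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the one excluded here, so CHM input never reaches ChmParser. -->
      <parser-exclude class="org.apache.tika.parser.chm.ChmParser"/>
    </parser>
  </parsers>
</properties>
```

The exclusion only takes effect for parsers built from this configuration, for example `new AutoDetectParser(new TikaConfig(configFile))`; code that instantiates `ChmParser` directly is not covered by it.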

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with Kelinci (