oss-sec mailing list archives
[CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser
From: Tim Allison <tallison () apache org>
Date: Wed, 25 Apr 2018 13:01:30 -0400
CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser.

Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with Kelinci (https://github.com/isstac/kelinci).
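For deployments that cannot upgrade right away, the "turn off the BPGParser" mitigation can be expressed as a Tika configuration file. This is an added example, not part of the advisory; it assumes the parser's fully qualified class name is org.apache.tika.parser.image.BPGParser, as in the Tika 1.x package layout, and the file name tika-config.xml is arbitrary.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml: added example, not taken from the advisory -->
<properties>
  <parsers>
    <!-- Keep every parser that DefaultParser would normally load ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the BPG image parser affected by CVE-2018-1338.
           Class name assumed from the Tika 1.x package layout. -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

With tika-app the file is passed as `--config=tika-config.xml`; with the exclusion in place, BPG input is no longer routed to the affected parser.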