oss-sec mailing list archives

CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser

From: Tim Allison <tallison () apache org>
Date: Tue, 30 Mar 2021 08:19:51 -0400

Description:

A carefully crafted or corrupt file may trigger an infinite loop in
Tika's MP3Parser up to and including Tika 1.25. Apache Tika users
should upgrade to 1.26 or later.

Mitigation:

Users should upgrade to 1.26 or later.

Credit:

Apache Tika would like to thank Khaled Nassar for reporting this issue.

Current thread:

CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser Tim Allison (Mar 30)