oss-sec mailing list archives
CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser
From: Tim Allison <tallison () apache org>
Date: Tue, 30 Mar 2021 08:19:51 -0400
Description: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. Mitigation: Users should upgrade to 1.26 or later. Credit: Apache Tika would like to thank Khaled Nassar for reporting this issue.
Current thread:
- CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser Tim Allison (Mar 30)