Description
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
References (2)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2669
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E
Scores
CVSS v3
5.5
EPSS
0.0300
EPSS Percentile
86.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (2)
apache/tika
< 1.18
org.apache.tika/tika-core
0 - 1.18 (Maven)
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026