Description
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
References (2)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2669
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828%40%3Cdev.tika.apache.org%3E
Scores
CVSS v3
5.5
EPSS
0.0452
EPSS Percentile
89.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (2)
apache/tika
< 1.18
org.apache.tika/tika-parsers
0 - 1.18 (Maven)
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026