CVE-2021-28657

MEDIUM

Apache Tika < 1.25 - Infinite Loop

Title source: rule

Description

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 44.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (12)
apache/tika < 1.25
oracle/communications_messaging_server 8.1
oracle/healthcare_foundation 7.3.0
oracle/healthcare_foundation 8.0.0
oracle/healthcare_foundation 8.1.0
oracle/primavera_unifier 18.8
oracle/primavera_unifier 19.12
oracle/primavera_unifier 20.12
oracle/primavera_unifier 17.7 - 17.12
oracle/webcenter_portal 12.2.1.3.0
... and 2 more
Published Mar 31, 2021
Tracked Since Feb 18, 2026