CVE-2022-25169
MEDIUM
Apache Tika < 1.28.2 - Denial of Service via BPG Parser
Title source: llm
Description
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
References (4)
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/05/16/4
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220804-0004/
Scores
CVSS v3
5.5
EPSS
0.0027
EPSS Percentile
50.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (7)
apache/tika
< 1.28.2
oracle/primavera_unifier
18.8
oracle/primavera_unifier
19.12
oracle/primavera_unifier
20.12
oracle/primavera_unifier
21.12
oracle/primavera_unifier
17.7 - 17.12
org.apache.tika/tika
0 - 1.28.2 (Maven)
Published
May 16, 2022
Tracked Since
Feb 18, 2026