CVE-2021-28657
MEDIUM 5.5 | EPSS 0.22%
Infinite loop in Apache Tika
Published: 5/10/2021 | Modified: 2/17/2024
Also known as: GHSA-567x-m4wm-87v8
Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Affected packages (2)
- Debian/tika from 0
- Maven/org.apache.tika:tika from 0, < 1.26
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-28657
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2021-28657
- WEB: https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
- WEB: https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
- WEB: https://security.netapp.com/advisory/ntap-20210507-0004
- WEB: https://www.oracle.com/security-alerts/cpuapr2022.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2021.html