Denial of Service Vulnerability in Apache Tika's BPGParser
CVE-2018-1338

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 25 April 2018

What is CVE-2018-1338?

A crafted file can exploit a flaw in Apache Tika's BPGParser, potentially leading to an infinite loop that impacts system availability. This vulnerability affects users of Apache Tika versions prior to 1.18, allowing attackers to create conditions that may render the service unavailable.

Affected Version(s)

Apache Tika < 1.18

References

https://access.redhat.com/errata/RHSA-2018:2669

vendor-advisoryx_refsource_REDHAT

https://lists.apache.org/thread.html/4d20c5748fb9f836653b...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2018
Vulnerability Reserved
Dec 7, 2017