Infinite Loop Vulnerability in Apache Tika's ChmParser
CVE-2018-1339

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 25 April 2018

Summary

A vulnerability exists in Apache Tika's ChmParser where a specially crafted file can cause an infinite loop, potentially leading to a denial of service condition. Affected users running versions of Apache Tika before 1.18 are advised to review their deployments and apply relevant updates to mitigate risks associated with this flaw.

Affected Version(s)

Apache Tika < 1.18

References

https://access.redhat.com/errata/RHSA-2018:2669

vendor-advisoryx_refsource_REDHAT

https://lists.apache.org/thread.html/4d2cb5c819401bb075e2...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2018
Vulnerability Reserved
Dec 7, 2017