Denial of Service Vulnerability in Apache Tika Parser
CVE-2018-8017

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 19 September 2018

Summary

In versions 1.2 to 1.18 of Apache Tika, a vulnerability exists that allows an attacker to leverage a specially crafted input file to trigger an infinite loop within the IptcAnpaParser. This may lead to a Denial of Service condition, causing the application to become unresponsive. Users should be aware of this risk and ensure they are using the latest patched versions to avoid potential disruptions.

Affected Version(s)

Apache Tika 1.2 to 1.18

References

https://lists.apache.org/thread.html/72df7a3f0dda49a91214...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/105513

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2018
Vulnerability Reserved
Mar 9, 2018