Apache Tika BPGParser Memory Usage DoS
CVE-2022-25169

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 16 May 2022

Summary

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Affected Version(s)

Apache Tika Apache Tika <= 1.28.1

References

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/05/16/4

mailing-listx_refsource_MLIST

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2022
Vulnerability Reserved
Feb 15, 2022

.