List:       oss-security
Subject:    [oss-security] [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in
From:       Tim Allison <tallison () apache ! org>
Date:       2018-04-25 17:01:30
Message-ID: CAC1dCwW1WG339h=fqMzjG4p0VdeoOe3q5qKM=Q7KUQPuLzS1RA () mail ! gmail ! com


CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika's BPGParser


Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's BPGParser.

Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
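
One way to apply the "turn off the BPGParser" mitigation where an upgrade is not yet possible, as an added example that is not part of the original advisory: a tika-config.xml that keeps the default parser set but excludes the BPG parser. The class name org.apache.tika.parser.image.BPGParser is where the parser lives in Tika 1.x; the file name is an assumption.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml (added example; file name is an assumption) -->
<properties>
  <parsers>
    <!-- Keep every parser DefaultParser would normally load... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ...except the BPG parser affected by CVE-2018-1338 -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

Load it through the TikaConfig constructor, or with the --config option of tika-app. BPG files are then no longer handled by BPGParser.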

