List: oss-security
Subject: [oss-security] [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in
From: Tim Allison <tallison () apache ! org>
Date: 2018-04-25 17:01:30
Message-ID: CAC1dCwW1WG339h=fqMzjG4p0VdeoOe3q5qKM=Q7KUQPuLzS1RA () mail ! gmail ! com
CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika's BPGParser
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: <1.18
Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's BPGParser.
Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.
Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
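
Added example, not part of the original advisory or of Apache Tika's own documentation: one way to apply the "turn off the BPGParser" mitigation on a Tika version that cannot be upgraded yet is a custom tika-config.xml that excludes the parser from the default parser set. It assumes a Tika 1.x release that supports `parser-exclude` and that the parser class is `org.apache.tika.parser.image.BPGParser`; the file name is hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config-no-bpg.xml (hypothetical file name) -->
<properties>
  <parsers>
    <!-- Keep every parser DefaultParser would normally load ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the BPG image parser affected by CVE-2018-1338. -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

The exclusion takes effect only where this configuration is actually loaded (for example through `TikaConfig`); code that instantiates `BPGParser` directly is not covered by it.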