List: oss-security
Subject: [oss-security] [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in
From: Tim Allison <tallison () apache ! org>
Date: 2018-04-25 17:04:59
Message-ID: CAC1dCwVvwLpJMi+-YYx=u_9YxZnMpd729Hy=B+BADXaCEpWceQ () mail ! gmail ! com
CVE-2018-1339 – DoS (Infinite Loop) Vulnerability in Apache Tika's ChmParser
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: <1.18
Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's ChmParser.
Mitigation: Turn off the ChmParser or upgrade to Apache Tika >=1.18.
Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
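
Added example, not part of the original advisory or of the Tika project's own material: one way to apply the "turn off the ChmParser" mitigation is a custom tika-config.xml that excludes the CHM parser from the default parser set. It assumes the deployment loads a custom configuration file and runs a Tika version whose configuration supports parser-exclude.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (assumed file name: tika-config.xml). -->
<properties>
  <parsers>
    <!-- Keep every parser DefaultParser would normally load ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the CHM parser affected by CVE-2018-1339. -->
      <parser-exclude class="org.apache.tika.parser.chm.ChmParser"/>
    </parser>
  </parsers>
</properties>
```

With this configuration, CHM input is no longer routed to ChmParser, so text and metadata extraction for .chm files is lost until the upgrade to Apache Tika >=1.18 is in place.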