List:       oss-security
Subject:    [oss-security] [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in
From:       Tim Allison <tallison () apache ! org>
Date:       2018-04-25 17:04:59
Message-ID: CAC1dCwVvwLpJMi+-YYx=u_9YxZnMpd729Hy=B+BADXaCEpWceQ () mail ! gmail ! com


CVE-2018-1339 – DoS (Infinite Loop) Vulnerability in Apache Tika's ChmParser


Severity: Important


Vendor: The Apache Software Foundation


Versions Affected: <1.18


Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's ChmParser.

Mitigation: Turn off the ChmParser or upgrade to Apache Tika >=1.18.


Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
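
For deployments that cannot upgrade right away, the "turn off the ChmParser" mitigation can be expressed in a Tika configuration file. The following is an added example, not part of the original advisory; it assumes the parser-exclude mechanism of Tika's XML configuration, and the file name tika-config.xml is an assumption.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml (assumed file name): keep the default parser set,
     but exclude the CHM parser so CHM input never reaches the code
     affected by CVE-2018-1339. -->
<properties>
  <parsers>
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- Files detected as CHM are no longer handed to ChmParser. -->
      <parser-exclude class="org.apache.tika.parser.chm.ChmParser"/>
    </parser>
  </parsers>
</properties>
```

The exclusion only takes effect when the application actually loads this file, for example by constructing its parser from a TikaConfig built from it; code that instantiates ChmParser directly is not covered.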

