CVE-2022-25169
Published: May 16, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Tika | affected Apache Tika - <= 1.28.1 |
References
https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk (x_refsource_MISC)
[oss-security] 20220516 CVE-2022-25169: Apache Tika BPGParser Memory Usage DoS (mailing-list, x_refsource_MLIST)
https://www.oracle.com/security-alerts/cpujul2022.html (x_refsource_MISC)
https://security.netapp.com/advisory/ntap-20220804-0004/ (x_refsource_CONFIRM)