Date: Wed, 25 Apr 2018 13:01:30 -0400
From: Tim Allison <tallison@...che.org>
To: announce@...che.org, dev@...a.apache.org, user@...a.apache.org, 
	oss-security@...ts.openwall.com
Subject: [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser

CVE-2018-1338 – DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser


Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's BPGParser.

Mitigation: Turn off the BPGParser or upgrade to Apache Tika >=1.18.

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).
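
Added example, not part of the original advisory and not the Apache Tika project's own text: one way to apply the "turn off the BPGParser" mitigation on a deployment that cannot yet move to 1.18 is a Tika configuration file that excludes the parser from DefaultParser. The file name tika-config.xml is an assumption; the class name is the BPGParser shipped in the Tika 1.x tika-parsers module.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml (assumed file name): keep every default parser except BPGParser -->
<properties>
  <parsers>
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- Excluded so BPG input never reaches the parser named in CVE-2018-1338 -->
      <parser-exclude class="org.apache.tika.parser.image.BPGParser"/>
    </parser>
  </parsers>
</properties>
```

The exclusion takes effect only for parsers built from this configuration, for example an AutoDetectParser constructed with a TikaConfig loaded from the file. Code that instantiates BPGParser directly is not covered and needs the upgrade.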
