Date: Wed, 25 Apr 2018 13:04:59 -0400
From: Tim Allison <tallison@...che.org>
To: announce@...che.org, dev@...a.apache.org, user@...a.apache.org, oss-security@...ts.openwall.com
Subject: [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser

CVE-2018-1339 – DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: <1.18

Description: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser.

Mitigation: Turn off the ChmParser or upgrade to Apache Tika >=1.18.

Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with Kelinci (https://github.com/isstac/kelinci).
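
One way to apply the "turn off the ChmParser" mitigation on versions before 1.18, shown as an added example that is not part of the original advisory: a Tika configuration file that keeps the default parser set but excludes the CHM parser. The file name tika-config.xml is an assumption; the class names are Tika's own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- tika-config.xml: added example, not taken from the advisory -->
<properties>
  <parsers>
    <!-- Load every parser that DefaultParser would normally discover ... -->
    <parser class="org.apache.tika.parser.DefaultParser">
      <!-- ... except the CHM parser affected by CVE-2018-1339 -->
      <parser-exclude class="org.apache.tika.parser.chm.ChmParser"/>
    </parser>
  </parsers>
</properties>
```

Pass the file to tika-app with `--config=tika-config.xml`, or load it in code through `new TikaConfig(...)`. Code that instantiates `ChmParser` directly bypasses this exclusion and still needs the upgrade.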