Dec 04, 2018 - 1:50 a.m.

Security Bulletin: Public disclosed vulnerability from Apache Tika

2018-12-04 01:50:02
www.ibm.com

EPSS: 0.001 (Low), percentile 19.1%

Summary

Publicly disclosed vulnerability from Apache Tika

Vulnerability Details

**CVEID:** CVE-2018-1338
**Description:** Apache Tika is vulnerable to a denial of service, caused by an error in BPGParser. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
**CVSS Base Score:** 5.50
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142370> for the current score
**CVSS Environmental Score\*:** Undefined
**CVSS Vector:** CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

**CVEID:** CVE-2018-1339
**Description:** Apache Tika is vulnerable to a denial of service, caused by an error in ChmParser. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
**CVSS Base Score:** 5.50
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142371> for the current score
**CVSS Environmental Score\*:** Undefined
**CVSS Vector:** CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products and Versions

IBM QRadar Incident Forensics 7.2.0 - 7.2.8 Patch 13

IBM QRadar Incident Forensics 7.3.0 - 7.3.1 Patch 4

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5

QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 14

Workarounds and Mitigations

None
