485 matches found
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
CVE-2025-54988
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
DEBIAN-CVE-2025-54988
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
UBUNTU-CVE-2025-54988
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
CVE-2025-54988
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
Apache Tika 安全漏洞
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open-source library of functions that use Java programs to provide read and write functionality for Microsoft Office-formatted documents, Pdfbox a pure Java class library for reading and...
PT-2025-34153
Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.13 through 3.2.1 Apache Tika tika-core versions 1.13 through 3.2.1 Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1 Apache Tika tika-parsers versions 1.13 through 1.28.5 Description A critical XML External Entity...
Linux Distros Unpatched Vulnerability : CVE-2018-17197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. CVE-2018-17197 Note...
Linux Distros Unpatched Vulnerability : CVE-2020-1951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. CVE-2020-1951 Note that Nessus relies on the...
GHSA-36WV-V2QP-V4G4 vulnerabilities
Vulnerabilities for packages: wildfly, apache-tika...
CVE-2025-48795 vulnerabilities
Vulnerabilities for packages: wildfly, apache-tika...
CVE-2025-48795 vulnerabilities
Vulnerabilities for packages: wso2is, apache-tika, wildfly...
GHSA-36WV-V2QP-V4G4 vulnerabilities
Vulnerabilities for packages: wso2is, apache-tika, wildfly...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: debezium-connector-spanner, nrjmx, spark, sonarqube, apache-hop, dependency-track, apache-activemq-artemis, logstash, apache-hop-fips, keycloak-config-cli, apache-nifi, celeborn, elasticsearch, leiningen, management-api-for-apache-cassandra-5.0, akhq, keycloak-fips,...
Ubuntu: Security Advisory (USN-7529-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS / 22.04 LTS : Apache Tika vulnerabilities (USN-7529-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7529-1 advisory. It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use...
USN-7529-1: Apache Tika vulnerabilities
It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-1950, CVE-2020-1951 It was discovered that Apache Tika...
CVE-2022-25169
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...
GHSA-FH5R-CRHR-QRRQ vulnerabilities
Vulnerabilities for packages: apache-tika...