7 matches found
CVE-2018-1335
CVE-2018-1335 affects Apache Tika with tika-server versions 1.7–1.17, where carefully crafted HTTP headers can trigger command injection on the server if exposed to untrusted clients. The underlying issue is an input handling flaw that allows commands to be passed to the server’s command line. Th...
CVE-2022-25169
CVE-2022-25169 concerns Apache Tika’s BPG parser, where crafted inputs may cause excessive memory allocation, potentially leading to a denial of service. Public details consistently identify the vulnerable component as the BPG parser within Tika and specify affected versions as before 1.28.2 and ...
CVE-2022-30126
Apache Tika CVE-2022-30126 is a ReDoS via a regex in StandardsText used by the StandardsExtractingContentHandler. The issue can cause denial of service on crafted files and only affects users running the StandardsExtractingContentHandler (a non-standard handler). A fix is available in Tika versio...
CVE-2022-30973
Apache Tika's ReDoS vulnerability (CVE-2022-30973) arises from a regex in StandardsText used by StandardsExtractingContentHandler. Affected: 1.x branch, specifically the 1.28.2 release; impact is denial of service via backtracking on crafted files. The issue is limited to users running the Standa...
CVE-2022-33879
CVE-2022-33879 is related to Apache Tika's regex handling in the StandardsExtractingContentHandler. The connected Nessus entries confirm a separate, new regular-expression DoS (ReDoS) vulnerability in a different regex within the same component. The initial fixes for CVE-2022-30126 and CVE-2022-3...
CVE-2018-1339
CVE-2018-1339 affects Apache Tika's ChmParser; a carefully crafted file can trigger an infinite loop in versions prior to 1.18, causing DoS. Remediation: upgrade to Tika 1.18 or later (as indicated by multiple advisories).
CVE-2018-1338
CVE-2018-1338: Apache Tika is vulnerable to a denial of service via a carefully crafted (or fuzzed) file that can trigger an infinite loop in the BPGParser in Tika versions before 1.18. The provided documents confirm the affected component (BPGParser in Apache Tika), the vulnerability type (infi...