Moderate severityNVD Advisory· Published Mar 31, 2021· Updated Feb 13, 2025
Infinite loop in Apache Tika's MP3 parser
CVE-2021-28657
Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tika:tikaMaven | < 1.26 | 1.26 |
Affected products
41- ghsa-coords40 versionspkg:maven/org.apache.tika/tikapkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/pxe-default-image-sle15&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.1
< 1.26+ 39 more
- (no CPE)range: < 1.26
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-7.22.3
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-5.11.1
- (no CPE)range: < 1.1.2-3.6.5
- (no CPE)range: < 0.2.3-4.16.3
- (no CPE)range: < 0.4.1-3.9.2
- (no CPE)range: < 4.0-9.19.3
- (no CPE)range: < 4.1-6.9.2
- (no CPE)range: < 0.7.6-3.19.3
- (no CPE)range: < 0.9.1-3.22.1
- (no CPE)range: < 4.0.1-20210621145802
- (no CPE)range: < 2016.11.10-10.28.3
- (no CPE)range: < 2016.11.10-6.14.2
- (no CPE)range: < 3000.3-4.3.3
- (no CPE)range: < 3000.3-6.3.2
- (no CPE)range: < 4.1.9-3.12.2
- (no CPE)range: < 4.0.38-3.47.4
- (no CPE)range: < 4.1.25-4.32.6
- (no CPE)range: < 4.1.12-3.12.2
- (no CPE)range: < 4.1.17-3.17.2
- (no CPE)range: < 4.0.44-3.57.5
- (no CPE)range: < 4.1.36-3.44.1
- (no CPE)range: < 4.0.21-3.30.3
- (no CPE)range: < 4.1.16-3.18.2
- (no CPE)range: < 4.0.28-3.45.1
- (no CPE)range: < 4.1.26-3.24.8
- (no CPE)range: < 15.2.4-3.17.1
- (no CPE)range: < 4.0.34-3.52.3
- (no CPE)range: < 4.1.26-3.25.1
- (no CPE)range: < 4.0-10.36.4
- (no CPE)range: < 4.1-11.34.8
- (no CPE)range: < 4.0-10.36.3
- (no CPE)range: < 4.1-11.34.2
- (no CPE)range: < 4.1.21-3.30.6
- (no CPE)range: < 4.0.35-3.48.3
- (no CPE)range: < 4.1.28-3.42.1
- (no CPE)range: < 4.1.14-3.23.2
- (no CPE)range: < 1.26-3.6.3
- (no CPE)range: < 1.26-3.5.2
- (no CPE)range: < 4.1.8-3.9.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-567x-m4wm-87v8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28657ghsaADVISORY
- lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3Eghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20210507-0004ghsaWEB
- security.netapp.com/advisory/ntap-20210507-0004/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.