Moderate severity · NVD Advisory · Published May 16, 2022 · Updated Aug 3, 2024
Apache Tika BPGParser Memory Usage DoS
CVE-2022-25169
Description
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.tika:tika (Maven) | < 1.28.2 | 1.28.2 |
| org.apache.tika:tika (Maven) | >= 2.0.0, < 2.4.0 | 2.4.0 |
References
- github.com/advisories/GHSA-7qcq-xp2f-56f6 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-25169 (GHSA, advisory)
- www.openwall.com/lists/oss-security/2022/05/16/4 (GHSA, mailing list)
- lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk (GHSA, web)
- security.netapp.com/advisory/ntap-20220804-0004 (GHSA, web)
- security.netapp.com/advisory/ntap-20220804-0004/ (MITRE, confirm)
- www.oracle.com/security-alerts/cpujul2022.html (GHSA, web)