Maven package
org.apache.tika/tika
pkg:maven/org.apache.tika/tika
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-33879 | — | | | < 1.28.4 | 1.28.4 | Jun 27, 2022 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. |
| CVE-2022-25169 | — | | | < 1.28.2 | 1.28.2 | May 16, 2022 | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. |
| CVE-2021-28657 | — | | | < 1.26 | 1.26 | Mar 31, 2021 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. |
| CVE-2020-9489 | — | | | < 1.24.1 | 1.24.1 | Apr 27, 2020 | A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika user |
| CVE-2020-1951 | — | | | >= 1.0, < 1.24 | 1.24 | Mar 23, 2020 | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. |
| CVE-2020-1950 | — | | | >= 1.0, < 1.24 | 1.24 | Mar 23, 2020 | A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. |