VYPR

Maven package

org.apache.tika/tika

pkg:maven/org.apache.tika/tika

Vulnerabilities (6)

  • CVE-2022-33879 (Jun 27, 2022)
    affected < 1.28.4; fixed 1.28.4

    The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

  • CVE-2022-25169 (May 16, 2022)
    affected < 1.28.2; fixed 1.28.2

    The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

  • CVE-2021-28657 (Mar 31, 2021)
    affected < 1.26; fixed 1.26

    A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

  • CVE-2020-9489 (Apr 27, 2020)
    affected < 1.24.1; fixed 1.24.1

    A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika user

  • CVE-2020-1951 (Mar 23, 2020)
    affected >= 1.0, < 1.24; fixed 1.24

    A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

  • CVE-2020-1950 (Mar 23, 2020)
    affected >= 1.0, < 1.24; fixed 1.24

    A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.