CVE-2018-1338

CWE-83511 documents8 sources

Severity

5.5MEDIUM

EPSS

3.0%

top 13.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Tika Apache Tika

Timeline

PublishedApr 25

Latest updateOct 17

Description

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/tika< 1.18

▶Mavenorg.apache.tika:tika-core< 1.18

▶CVEListV5apache_software_foundation/apache_tika< 1.18

▶Debiantika< 1.18-1

🔴Vulnerability Details

OSV

Moderate severity vulnerability that affects org.apache.tika:tika-core↗2018-10-17

▶

GHSA

Moderate severity vulnerability that affects org.apache.tika:tika-core↗2018-10-17

▶

OSV

CVE-2018-1338: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1↗2018-04-25

▶

CVEList

CVE-2018-1338: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1↗2018-04-25

▶

📋Vendor Advisories

Red Hat

tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service↗2018-04-25

▶

Debian

CVE-2018-1338: tika - A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika...↗2018

▶

Apache

Apache tika: CVE-2018-1338↗

▶

💬Community

Bugzilla

CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service↗2018-04-30

▶

Bugzilla

CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service↗2018-04-27

▶

Bugzilla

CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service [fedora-all]↗2018-04-27

▶