CVE-2018-1339

CWE-83510 documents8 sources

Severity

5.5MEDIUM

EPSS

4.5%

top 10.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Tika Apache Tika

Timeline

PublishedApr 25

Latest updateOct 17

Description

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/tika< 1.18

▶Mavenorg.apache.tika:tika-parsers< 1.18

▶CVEListV5apache_software_foundation/apache_tika< 1.18

▶Debiantika< 1.18-1

🔴Vulnerability Details

OSV

org.apache.tika:tika-parsers has an Infinite Loop vulnerability↗2018-10-17

▶

GHSA

org.apache.tika:tika-parsers has an Infinite Loop vulnerability↗2018-10-17

▶

CVEList

CVE-2018-1339: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1↗2018-04-25

▶

OSV

CVE-2018-1339: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1↗2018-04-25

▶

📋Vendor Advisories

Red Hat

tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service↗2018-04-25

▶

Debian

CVE-2018-1339: tika - A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika...↗2018

▶

Apache

Apache tika: CVE-2018-1339↗

▶

💬Community

Bugzilla

CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service [fedora-all]↗2018-04-27

▶

Bugzilla

CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service↗2018-04-27

▶