CVE-2022-25169
published 2022-05-16
CVE-2022-25169: The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
medium 5.5 CVSS 3.1
AV:L AC:L PR:N UI:R S:U C:N I:N A:H
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | < 1.28.2 | 1.28.2 |
| apache | tika | — | — |
| apache | tika | >= 2.0.0 < 2.4.0 | 2.4.0 |
| apache_software_foundation | apache_tika | Apache Tika – 1.28.1 | — |
| debian | tika | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv 5.5 MEDIUM