oss-sec mailing list archives
[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper
From: Tim Allison <tallison () apache org>
Date: Fri, 2 Aug 2019 07:33:38 -0400
Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.7 to 1.21 Description: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Mitigation: Apache Tika users should upgrade to 1.22 or later. Credit: This issue was discovered by RunningSnail.
Current thread:
- [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Tim Allison (Aug 02)