A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
Vulnerable Product |
---|
apache tika 1.24 |
oracle flexcube private banking 12.1.0 |
oracle primavera unifier 16.2 |
oracle flexcube private banking 12.0.0 |
oracle primavera unifier 16.1 |
oracle webcenter portal 12.2.1.3.0 |
oracle primavera unifier 18.8 |
oracle primavera unifier |
oracle primavera unifier 19.12 |
oracle webcenter portal 12.2.1.4.0 |
oracle communications messaging server 8.1 |