Multiple Vulnerabilities in Apache Tika Parsers: Upgrade Recommended
A specially made or damaged file might cause Tika's OneNote Parser to stop the system (System.exit). These files can also create memory problems or endless loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser, and ImageParser. It's recommended for Apache Tika users to upgrade to version 1.24.1 or newer. The vulnerabilities in the MP4Parser were partially fixed by updating the com.googlecode:isoparser:1.1.22 to org.tallison:isoparser:1.9.41.2. Additionally, for different security reasons, org.apache.cxf was upgraded to 3.3.6 in the 1.24.1 release.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tika 1.24 |
||
oracle flexcube private banking 12.0.0 |
||
oracle flexcube private banking 12.1.0 |
||
oracle primavera unifier |
||
oracle primavera unifier 16.1 |
||
oracle primavera unifier 16.2 |
||
oracle primavera unifier 18.8 |
||
oracle primavera unifier 19.12 |
||
oracle webcenter portal 12.2.1.3.0 |
||
oracle webcenter portal 12.2.1.4.0 |
||
oracle communications messaging server 8.1 |