CVE-2021-28657

CVSSv4: NA | CVSSv3: 5.5 | CVSSv2: 4.3 | VMScore: 650 | EPSS: 0.00057 | KEV: Not Included
Published: 31/03/2021 Updated: 21/11/2024

Vulnerability Summary

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Vulnerable Product

apache tika

oracle healthcare foundation 7.3.0

oracle healthcare foundation 8.0.0

oracle healthcare foundation 8.1.0

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle webcenter portal 12.2.1.3.0

oracle webcenter portal 12.2.1.4.0

oracle communications messaging server 8.1

Vendor Advisories

Debian Bug report logs - #986805 CVE-2021-28657 Package: src:tika; Maintainer for src:tika is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 12 Apr 2021 10:03:06 UTC Severity: important Tags: security, upstream Reply or subscri ...
No description is available for this CVE ...

Mailing Lists

Description: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. Mitigation: Users should upgrade to 1.26 or later. Credit: Apache Tika would like to thank Khaled Nassar for reporting this issue ...