5.5
CVSSv3

CVE-2022-25169

CVSSv4: NA | CVSSv3: 5.5 | CVSSv2: 4.3 | VMScore: 650 | EPSS: 0.00064 | KEV: Not Included
Published: 16/05/2022 Updated: 21/11/2024

Vulnerability Summary

The BPG parser in versions of Apache Tika prior to 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tika

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle primavera unifier 21.12

Vendor Advisories

Debian Bug report logs - #1015002 tika: CVE-2022-25169 CVE-2022-30126 CVE-2022-33879 Package: src:tika; Maintainer for src:tika is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 15 Jul 2022 22:39:01 UTC Severity: important Tags: secu ...