Vulnerability

CVE-2021-28657

 Report advisory or correction

CVSS Score 5.5 medium

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-835

References

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://bugzilla.redhat.com/show_bug.cgi?id=1944881
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28657

[CVE-2021-28657] CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Description

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

See org.apache.tika/tika-parsers package information