Vulnerability

CVE-2022-25169
CVSS Score: 5.5 (Medium)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

Description

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory when parsing carefully crafted files.

See org.apache.tika/tika-parsers package information