CVE-2022-25169

UNRATEDJSON export Create alert

Description

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Affected products

Apache Software Foundation / Apache TikaApache Tika – 1.28.1

References

MAILING_LISThttps://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk
MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/05/16/4
VENDOR_ADVISORYhttps://www.oracle.com/security-alerts/cpujul2022.html
MISChttps://security.netapp.com/advisory/ntap-20220804-0004/