https://bugzilla.redhat.com/show_bug.cgi?id=1778687
Bug ID: 1778687
Summary: CVE-2019-10094 tika: crafted package/compressed file
can cause a StackOverflowError in
RecursiveParserWrapper
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
lef(a)fedoraproject.org, puntogil(a)libero.it
Target Milestone: ---
Classification: Other
A carefully crafted package/compressed file that, when unzipped/uncompressed
yields the same file (a quine), causes a StackOverflowError in Apache Tika's
RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade
to 1.22 or later.
External References:
https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82...
--
You are receiving this mail because:
You are on the CC list for the bug.