[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oss-security] [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper



Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika  1.7 to 1.21

Description:
A carefully crafted or corrupt zip file can cause an OOM in Apache
Tika's RecursiveParserWrapper in versions 1.7-1.21.


Mitigation:
Apache Tika users should upgrade to 1.22 or later.


Credit:
This issue was discovered by RunningSnail.