Vulnerabilities > CVE-2018-1339 - Infinite Loop vulnerability in Apache Tika

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
apache
CWE-835

Summary

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Redhat

advisories
rhsa
idRHSA-2018:2669