Vulnerabilities > Apache > Tika

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-33879 Unspecified vulnerability in Apache Tika
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler.
local
low complexity
apache
3.3
3.3
2022-05-31 CVE-2022-30973 Unspecified vulnerability in Apache Tika
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release.
local
low complexity
apache
5.5
5.5
2022-05-16 CVE-2022-25169 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
local
low complexity
apache oracle CWE-770
5.5
5.5
2022-05-16 CVE-2022-30126 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file.
local
low complexity
apache oracle
5.5
5.5
2021-06-16 CVE-2021-33813 XXE vulnerability in multiple products
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
network
low complexity
jdom apache debian fedoraproject oracle CWE-611
7.5
7.5
2021-03-31 CVE-2021-28657 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25.
local
low complexity
apache oracle CWE-835
5.5
5.5
2020-04-27 CVE-2020-9489 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.
local
low complexity
apache oracle CWE-835
5.5
5.5
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
5.5
2019-08-02 CVE-2019-10094 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21.
local
low complexity
apache CWE-770
7.8
7.8