Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Remediation
References
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Related Vulnerabilities
CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release
CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source
CVE-2022-36899 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2022-20612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-30529 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search