Description
A carefully crafted or corrupt file may trigger an infinite loop in the MP3Parser of Apache Tika versions up to and including 1.25.
Remediation
Apache Tika users should upgrade to 1.26 or later.
References
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
Related Vulnerabilities
CVE-2022-22138 Vulnerability in npm package fast-string-search
CVE-2022-25839 Vulnerability in npm package url-js
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2022-27202 Vulnerability in maven package org.jenkins-ci.plugins:extended-choice-parameter
CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer