Vulnerability Details CVE-2018-1339
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2018:2669
- https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828%40%3Cdev.tika.apache.org%3E
- https://access.redhat.com/errata/RHSA-2018:2669
- https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828%40%3Cdev.tika.apache.org%3E
Products affected by CVE-2018-1339
-
cpe:2.3:a:apache:tika:0.1
-
cpe:2.3:a:apache:tika:0.10
-
cpe:2.3:a:apache:tika:0.2
-
cpe:2.3:a:apache:tika:0.3
-
cpe:2.3:a:apache:tika:0.4
-
cpe:2.3:a:apache:tika:0.5
-
cpe:2.3:a:apache:tika:0.6
-
cpe:2.3:a:apache:tika:0.7
-
cpe:2.3:a:apache:tika:0.8
-
cpe:2.3:a:apache:tika:0.9
-
cpe:2.3:a:apache:tika:1.0
-
cpe:2.3:a:apache:tika:1.1
-
cpe:2.3:a:apache:tika:1.10
-
cpe:2.3:a:apache:tika:1.11
-
cpe:2.3:a:apache:tika:1.12
-
cpe:2.3:a:apache:tika:1.13
-
cpe:2.3:a:apache:tika:1.14
-
cpe:2.3:a:apache:tika:1.15
-
cpe:2.3:a:apache:tika:1.16
-
cpe:2.3:a:apache:tika:1.17
-
cpe:2.3:a:apache:tika:1.2
-
cpe:2.3:a:apache:tika:1.3
-
cpe:2.3:a:apache:tika:1.4
-
cpe:2.3:a:apache:tika:1.5
-
cpe:2.3:a:apache:tika:1.6
-
cpe:2.3:a:apache:tika:1.7
-
cpe:2.3:a:apache:tika:1.8
-
cpe:2.3:a:apache:tika:1.9