Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Remediation
References
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Related Vulnerabilities
CVE-2023-29529 Vulnerability in npm package matrix-js-sdk
CVE-2023-30522 Vulnerability in maven package org.jenkins-ci.plugins:fogbugz
CVE-2023-31062 Vulnerability in maven package org.apache.inlong:manager-dao
CVE-2020-7011 Vulnerability in npm package @elastic/app-search-javascript
CVE-2023-37912 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-macro-footnotes