Bug 1632466 (CVE-2018-8017)
Summary: | CVE-2018-8017 tika: infinite loop in the IptcAnpaParser | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | abergmann, aileenc, alazarot, anstephe, bkearney, cbuissar, chazlett, drieden, etirelli, gvarsami, hhorak, ibek, java-sig-commits, jcoleman, jolee, jorton, jschatte, jstastny, kconner, krathod, kverlaen, ldimaggi, lef, meissner, nwallace, paradhya, puntogil, rrajasek, rsynek, rwagner, rzhang, sdaley, tcunning, tkirby, tlestach, vhalbert |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | tika 1.19 | Doc Type: | If docs needed, set a value |
Last Closed: | 2019-12-10 01:24:04 UTC | Type: | --- |
Bug Depends On: | 1632467, 1636025 | ||
Bug Blocks: | 1632464 |
Description
Pedro Sampaio
2018-09-24 20:47:19 UTC
Created tika tracking bugs for this issue:

Affects: fedora-all [bug 1632467]

Some more details can be found in:
https://www.modzero.ch/modlog/archives/2018/09/20/java_bugs_with_and_without_fuzzing/index.html
with test case available at:
https://github.com/modzero/mod0javaFuzzingResults/blob/master/12_hang_tika_iptc.iptc

RHN Satellite 5 is shipped with an older version of tika, that is not affected by this flaw.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2018-8017