CVE-2021-28657
Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.221
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-28657 are fixed in Apache-tika 1.26 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1 | Windows |
| Vulnerabilities CVE-2021-28657 are fixed in Apache-tika for Linux 1.26 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234