CVE-2022-25169 Information
Jun 07, 2022
cve
Description
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Reference
https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk http://www.openwall.com/lists/oss-security/2022/05/16/4
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.5
Share on: