[ https://issues.apache.org/jira/browse/TIKA-3051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Allison resolved TIKA-3051.
-------------------------------
Resolution: Duplicate
> [Dependency] Buffer Overflow in com.drewnoakes:metadata-extractor 2.11.0
> ------------------------------------------------------------------------
>
> Key: TIKA-3051
> URL: https://issues.apache.org/jira/browse/TIKA-3051
> Project: Tika
> Issue Type: Bug
> Affects Versions: 1.23
> Reporter: Michael Moritz
> Priority: Major
>
> This issue has been created automatically by a source code scanner.
> ## Third party component with known security vulnerabilities
> ent-search-master/script/vendor_jars > Jars.lock > com.drewnoakes:metadata-extractor@2.11.0
> ## Overview
> [com.drewnoakes:metadata-extractor](https://github.com/drewnoakes/metadata-extractor)
> is a Java library for reading metadata from image files.
> Affected versions of this package are vulnerable to Buffer Overflow.
> Extraction of light source metadata data from an invalid/corrupt image file
> can lead to an infinite loop recursion within `PanasonicRawWbInfo2`
> descriptor class, resulting in stack consumption.
> ## Remediation
> Upgrade `com.drewnoakes:metadata-extractor` to version v2.13.0 or higher.
> ## References
> - [GitHub Commit Java](https://github.com/drewnoakes/metadata-extractor/pull/420/commits/11cfd54eba77b1164721ca6276a42986ba054fea)
> - [GitHub Commit .NET](https://github.com/drewnoakes/metadata-extractor-dotnet/pull/190/commits/3142e5e6a95f2760ace1d2fdd9d50a97eb1c0e23)
> - [GitHub PR Java](https://github.com/drewnoakes/metadata-extractor/pull/420)
> - [GitHub PR .NET](https://github.com/drewnoakes/metadata-extractor-dotnet/pull/190)
> - [SNYK-JAVA-COMDREWNOAKES-455419](https://snyk.io/vuln/SNYK-JAVA-COMDREWNOAKES-455419)