[jira] [Created] (TIKA-3729) CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file

Fri, 22 Apr 2022 10:46:05 -0700 

Luigi De Masi created TIKA-3729:
-----------------------------------

             Summary: CVE-2022-24614 metadata-extractor: Out-of-memory when 
reading a specially crafted JPEG file
                 Key: TIKA-3729
                 URL: https://issues.apache.org/jira/browse/TIKA-3729
             Project: Tika
          Issue Type: Bug
          Components: metadata
    Affects Versions: 2.3.0, 1.28.1
            Reporter: Luigi De Masi


CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially 
crafted JPEG file



When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can 
be made to allocate large amounts of memory that finally leads to an 
out-of-memory error even for very small inputs. This could be used to mount a 
denial of service attack against services that use metadata-extractor library.

 

https://github.com/drewnoakes/metadata-extractor/issues/561



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to