[
https://issues.apache.org/jira/browse/TIKA-3729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison updated TIKA-3729:
------------------------------
Fix Version/s: 1.28.2
2.3.0
> CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially
> crafted JPEG file
> -------------------------------------------------------------------------------------------
>
> Key: TIKA-3729
> URL: https://issues.apache.org/jira/browse/TIKA-3729
> Project: Tika
> Issue Type: Bug
> Components: metadata
> Affects Versions: 1.28.1, 2.3.0
> Reporter: Luigi De Masi
> Priority: Major
> Fix For: 2.3.0, 1.28.2
>
>
> CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially
> crafted JPEG file
> When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0
> can be made to allocate large amounts of memory that finally leads to an
> out-of-memory error even for very small inputs. This could be used to mount a
> denial of service attack against services that use metadata-extractor library.
>
> https://github.com/drewnoakes/metadata-extractor/issues/561
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
