[ https://issues.apache.org/jira/browse/TIKA-3729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17526669#comment-17526669 ]
Hudson commented on TIKA-3729:
------------------------------
SUCCESS: Integrated in Jenkins build Tika » tika-branch1x-jdk8 #185 (See
[https://ci-builds.apache.org/job/Tika/job/tika-branch1x-jdk8/185/])
TIKA-3729 -- upgrade metadata-extractor (tallison:
[https://github.com/apache/tika/commit/85f21a6a68d1939f217590e8bb7174e884da3874])
* (edit) tika-parsers/pom.xml
* (edit) tika-parsers/src/main/java/org/apache/tika/parser/mp4/TikaMp4BoxHandler.java
* (edit) tika-xmp/pom.xml
* (edit) tika-parent/pom.xml
* (edit) tika-parsers/src/main/java/org/apache/tika/parser/mp4/boxes/TikaUserDataBox.java
> CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially
> crafted JPEG file
> -------------------------------------------------------------------------------------------
>
> Key: TIKA-3729
> URL: https://issues.apache.org/jira/browse/TIKA-3729
> Project: Tika
> Issue Type: Bug
> Components: metadata
> Affects Versions: 1.28.1, 2.3.0
> Reporter: Luigi De Masi
> Assignee: Tim Allison
> Priority: Major
> Fix For: 2.3.0
>
>
> CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially
> crafted JPEG file
> When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0
> can be made to allocate large amounts of memory that finally leads to an
> out-of-memory error even for very small inputs. This could be used to mount a
> denial of service attack against services that use the metadata-extractor library.
>
> https://github.com/drewnoakes/metadata-extractor/issues/561
--
This message was sent by Atlassian Jira
(v8.20.7#820007)