[CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser

Tim Allison Wed, 25 Apr 2018 10:05:17 -0700

CVE-2018-1339 – DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser



Severity: Important


Vendor: The Apache Software Foundation


Versions Affected: <1.18


Description: A carefully crafted (or fuzzed) file can trigger an infinite
loop in Apache Tika's ChmParser.

Mitigation: Turn off the ChmParser or upgrade to Apache Tika >=1.18.


Credit: Tobias Ospelt of modzero AG discovered this issue by fuzzing with
Kelinci (https://github.com/isstac/kelinci).

[CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser

Reply via email to