CVE-2018-1338

low-risk
Published 2018-04-25

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Do I need to act?

~
3.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (4)

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2669
https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e...
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2669
https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e...
29
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal