5.5

CVE-2022-25169

Apache Tika BPGParser Memory Usage DoS

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTika Version < 1.28.2
ApacheTika Version >= 2.0.0 < 2.4.0
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version18.8
OraclePrimavera Unifier Version19.12
OraclePrimavera Unifier Version20.12
OraclePrimavera Unifier Version21.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/16/4
Third Party Advisory
Mailing List
https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20220804-0004/
Third Party Advisory