CVE-2021-28657

Summary

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache TikaApache Tika < 1.26affected

Weaknesses

  • CWE-835: CWE-835 Infinite Loop

Workarounds

Users should upgrade to 1.26 or later.

ADP Enrichment

CVE Program Container

Additional References

References