CVE-2021-28657
MEDIUM 5.5
EPSS 0.22%
Infinite loop in Apache Tika
Published: 5/10/2021
Modified: 4/28/2026
Description
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Affected packages (2)
- Debian/tika: from 0
- Maven/org.apache.tika:tika: from 0, < 1.26
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-28657
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2021-28657
- WEB: https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
- WEB: https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
- WEB: https://security.netapp.com/advisory/ntap-20210507-0004
- WEB: https://www.oracle.com/security-alerts/cpuapr2022.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2021.html