N/A

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

N/A

N/A

Apache Tika 安全漏洞

Apache Tika是美国阿帕奇（Apache）基金会的一个集成了POI（使用Java程序对MicrosoftOffice格式文档提供读和写功能的开源函数库）、Pdfbox（读取和创建PDF文档的纯Java类库）并为文本抽取工作提供了统一界面的内容抽取工具集合。 Apache Tika中的OneNote Parser的MP4Parser存在安全漏洞。攻击者可借助特制的文件或损坏的文件利用该漏洞造成内存不足及/或无限循环。

N/A

N/A