org.apache.tika:tika
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.tika:tika
- CVE-2020-1950 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.24 | 2020-03-23
vulnerable: 1.10 ... 1.9 (19 versions)
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
- CVE-2020-1951 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.24 | 2020-03-23
vulnerable: 1.10 ... 1.9 (19 versions)
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
- CVE-2020-9489 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.24.1 | 2020-04-27
vulnerable: 0.2 ... 1.9 (22 versions)
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNot…
- CVE-2021-28657 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.26 | 2021-03-31
vulnerable: 0.2 ... 1.9 (24 versions)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
- CVE-2022-25169 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.0 | 2022-05-16
vulnerable: 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
- CVE-2022-33879 | LOW | CVSS 3.3 | EG 3.3 | ✓ Fixed in 2.4.1 | 2022-06-27
vulnerable: 2.0.0 ... 2.4.0 (6 versions)
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are …