
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN189
_____________________________________________________________________

DATE                : 30/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Tika versions prior to 1.26.

=====================================================================
http://mail-archives.apache.org/mod_mbox/tika-user/202103.mbox/%3cCAC1dCwV3xi7K9yCmBHDiX=j-XWhXjGiUB2=S+gscO_cnRYKHCA@mail.gmail.com%3e
_____________________________________________________________________

CVE-2021-28657 Infinite loop in Apache Tika's MP3 parser


Description:

A carefully crafted or corrupt file may trigger an infinite loop in
Tika's MP3Parser up to and including Tika 1.25. Apache Tika users
should upgrade to 1.26 or later.

Mitigation:

Users should upgrade to 1.26 or later.
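
One way to check a jar inventory against the fixed version named above. This is an added example, not part of the original advisory or of Apache Tika. It assumes that in Tika 1.x the MP3 parser ships in the tika-parsers, tika-app and tika-server artifacts; the sample paths are constructed.

```python
import os
import re

FIXED = (1, 26)  # first release with the fix, per the advisory

# Assumption: in Tika 1.x the MP3 parser ships in tika-parsers and in the
# tika-app / tika-server bundles; tika-core carries no parsers.
JAR = re.compile(r"^(tika-(?:parsers|app|server))-(\d+(?:\.\d+)*)(-[\w.]+)?\.jar$")


def classify(path):
    """Return (artifact, version, status) for a Tika jar, or None otherwise."""
    m = JAR.match(os.path.basename(path))
    if not m:
        return None
    artifact, version, qualifier = m.groups()
    # Compare numerically: as strings, "1.9" would sort after "1.26".
    numeric = tuple(int(part) for part in version.split("."))
    if numeric < FIXED:
        status = "affected"
    elif numeric == FIXED and qualifier:
        # A pre-release build of 1.26 (e.g. -SNAPSHOT) may predate the fix.
        status = "review"
    else:
        status = "fixed"
    return artifact, version + (qualifier or ""), status


def audit(paths):
    """Return classified Tika jars that are not confirmed fixed."""
    results = (classify(p) for p in paths)
    return [r for r in results if r and r[2] != "fixed"]


# Constructed inventory, e.g. the output of a recursive search for *.jar
SAMPLE = [
    "/opt/search/lib/tika-core-1.25.jar",
    "/opt/search/lib/tika-parsers-1.25.jar",
    "/opt/legacy/tika-app-1.9.jar",
    "/srv/ingest/tika-server-1.26.jar",
    "/srv/staging/tika-parsers-1.26-SNAPSHOT.jar",
    "/srv/new/tika-app-2.0.0.jar",
]

if __name__ == "__main__":
    for artifact, version, status in audit(SAMPLE):
        print(f"{status:9} {artifact} {version}")
```

File names only reveal Tika when it is deployed as its own jar; applications that repackage Tika inside another archive need a dependency listing from the build tool instead.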

Credit:

Apache Tika would like to thank Khaled Nassar for reporting this issue.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


