CVE-2019-10094: Stack buffer overflow

August 2, 2019 (updated August 12, 2019)

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika’s RecursiveParserWrapper.

References

nvd.nist.gov/vuln/detail/CVE-2019-10094

Detect and mitigate CVE-2019-10094 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →