CVE-2022-25169: Allocation of Resources Without Limits or Throttling

May 16, 2022 (updated November 9, 2022)

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

References

www.openwall.com/lists/oss-security/2022/05/16/4
lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk
nvd.nist.gov/vuln/detail/CVE-2022-25169

Detect and mitigate CVE-2022-25169 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →