CVE-2021-28657
Infinite loop in Apache Tika's MP3 parser
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Affected products
Apache Software Foundation · Apache Tika
References
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html