Apache Tika BPG Parser Memory Allocation Vulnerability

CVE-2022-25169 · MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-25169

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Learn more about our Cis Benchmark Audit For Apache Http Server.