[TIKA-3729] CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.28.1, 2.3.0
Fix Version/s: 1.28.2, 2.4.0
Component/s: metadata
Labels:
None

Description

CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.

https://github.com/drewnoakes/metadata-extractor/issues/561

Attachments

Activity

People

Assignee:: Tim Allison

Reporter:: Luigi De Masi

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Apr/22 17:45

Updated:: 05/May/22 10:31

Resolved:: 04/May/22 19:37