Tika / TIKA-3051

[Dependency] Buffer Overflow in com.drewnoakes:metadata-extractor 2.11.0


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.23
    • None
    • None
    • None

    Description

      This issue has been created automatically by a source code scanner

        Third party component with known security vulnerabilities
          ent-search-master/script/vendor_jars > Jars.lock > com.drewnoakes:metadata-extractor@2.11.0

        Overview

      [com.drewnoakes:metadata-extractor](https://github.com/drewnoakes/metadata-extractor) is a Java library for reading metadata from image files.

      Affected versions of this package are vulnerable to Buffer Overflow.
      Extraction of light source metadata from an invalid/corrupt image file can lead to an infinite loop recursion within the `PanasonicRawWbInfo2` descriptor class, resulting in stack consumption.

        Remediation

      Upgrade `com.drewnoakes:metadata-extractor` to version v2.13.0 or higher.


            People

              Assignee: Unassigned
              Reporter: Michael Moritz (miiimooo)