CVE-2019-10088 in Ubuntu

CVE-2019-10088

Priority

Description

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's
RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22
or later.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088
https://www.openwall.com/lists/oss-security/2019/08/02/2
https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933744

Notes

Package

Source: tika (LP Ubuntu Debian)

Upstream:	released (1.22-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):	needed
Ubuntu 19.10 (Eoan Ermine):	released (1.22-1)
Ubuntu 20.04 (Focal Fossa):	released (1.22-1)

Patches:

Upstream:

https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6

More Information

Updated: 2019-12-05 19:58:13 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)