CVE-2018-8017: Loop with Unreachable Exit Condition ('Infinite Loop')

October 17, 2018 (updated September 14, 2021)

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

References

www.securityfocus.com/bid/105513
github.com/advisories/GHSA-j53j-gmr9-h8g3
lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-8017

Code Behaviors & Features

Detect and mitigate CVE-2018-8017 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →