| Bug | jessie | buster | bullseye | sid | Description |
|---|
| CVE-2022-33879 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ... |
| CVE-2022-30973 | vulnerable | fixed | fixed | fixed | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the ... |
| CVE-2022-30126 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | In Apache Tika, a regular expression in our StandardsText class, used ... |
| CVE-2022-25169 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may ... |
| CVE-2021-28657 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | A carefully crafted or corrupt file may trigger an infinite loop in Ti ... |
| CVE-2020-9489 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | A carefully crafted or corrupt file may trigger a System.exit in Tika' ... |
| CVE-2020-1951 | fixed | vulnerable (no DSA) | fixed | fixed | A carefully crafted or corrupt PSD file can cause an infinite loop in ... |
| CVE-2020-1950 | fixed | vulnerable (no DSA) | fixed | fixed | A carefully crafted or corrupt PSD file can cause excessive memory usa ... |
| CVE-2019-10094 | fixed | vulnerable (no DSA) | fixed | fixed | A carefully crafted package/compressed file that, when unzipped/uncomp ... |
| CVE-2019-10093 | fixed | vulnerable (no DSA) | fixed | fixed | In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ... |
| CVE-2019-10088 | fixed | vulnerable (no DSA) | fixed | fixed | A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ... |
| CVE-2018-11762 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not ... |
| CVE-2018-11761 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In Apache Tika 0.1 to 1.18, the XML parsers were not configured to lim ... |
| CVE-2018-8017 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an in ... |
| CVE-2018-1339 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A carefully crafted (or fuzzed) file can trigger an infinite loop in A ... |
| CVE-2016-4434 | vulnerable (no DSA) | fixed | fixed | fixed | Apache Tika before 1.13 does not properly initialize the XML parser or ... |