VDB
DEBIAN-CVE-2021-28657
DEBIAN-CVE-2021-28657
PUBLISHED
CVSS 5.5 MEDIUM
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | tika | 0, 1.22-2, 1.22-2 |
Exploit Intelligence
- dependency-check-suppression.xml (github-poc)
Timeline
- Mar 31, 2021 CVE Published
- Apr 28, 2026 CVE Updated