CVE-2021-28657

CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser

Vendor Apache Software Foundation

Product Apache Tika

Weakness CWE-835

Published March 31, 2021

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Key dates

02Disclosure timeline

March 31, 2021 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-28657

Related vulnerabilities

CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser

01Description

02Disclosure timeline

03References

04Related CVE