Apache Tika Security Update (MINDBREEZE17777)

ID: MINDBREEZE17777 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 5.5 Medium 
Status: Final 
First published: October 4, 2021 
CVEs: CVE-2021-28657, CVE-2021-27906, CVE-2021-27807 

Summary

  • CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file.
  • CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
  • CVE-2021-28657: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser 

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire 21.2 Release (Version 21.2.1.1027)

  • Mindbreeze InSpire SaaS 21.2 Release (Version 21.2.1.1027)