CVE-2018-8017

Name: CVE-2018-8017
Creator: NVD / NIST
Published: 2018-09-19T14:29:02.38+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.51%

Last modified Jun 17, 2026

CVE-2018-8017 is a vulnerability of currently unknown severity. In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.. EPSS estimates a 2.51% chance of exploitation in the next 30 days.

Description

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

Metrics

EPSS Probability

2.51%

82.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-835

Affected Software

Vendor	Product	Versions
Apache	Tika	>= 1.2, <= 1.18

References

http://www.securityfocus.com/bid/105513Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91%40%3Cdev.tika.apache.org%3E
http://www.securityfocus.com/bid/105513Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91%40%3Cdev.tika.apache.org%3E

Timeline

Published: Sep 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-8017?

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

How severe is CVE-2018-8017?

Severity scoring for CVE-2018-8017 is pending analysis. The EPSS model estimates a 2.51% probability of exploitation in the next 30 days.

How do I fix CVE-2018-8017?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-8017?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST