CVE-2016-6809

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-6809

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6809.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6809

Aliases

GHSA-j8g6-2wh7-6439

Downstream

DEBIAN-CVE-2016-6809

Published

2017-04-06T21:59:00.213Z

Modified

2026-04-10T03:52:53.857942Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

References

Affected packages

Git / github.com/apache/tika

Affected ranges

Type

GIT

Repo

https://github.com/apache/tika

Events

Introduced

Last affected

386b68b5ae87beafacfb63f33e0a9888dedb9c30

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13"
        }
    ]
}

Affected versions

1.*

1.12

1.12-rc1

1.13

1.13-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6809.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.3.1"
            }
        ]
    }
]