CVE-2016-6809: tika: Native deserialization of Java objects in matlab files

Severity: Critical

CVSS Score: 9.8

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.