The vulnerability arises from AbstractModelReader methods (getOutcomes(), getOutcomePatterns(), getPredicates()) reading 32-bit signed integer counts from a binary model stream and using these values directly for array allocations without validating their size or sign. An attacker can craft a .bin model file with extremely large count values (e.g., Integer.MAX_VALUE) to trigger an OutOfMemoryError early in deserialization, causing denial of service. The flaw affects Apache OpenNLP versions before 2.5.9 and 3.0.0-M3. The fix introduces an upper bound (default 10,000,000) on these counts, throwing an IllegalArgumentException if exceeded, preventing large allocations. Users can configure this limit via the OPENNLP_MAX_ENTRIES system property if needed.

This vulnerability allows an attacker to cause a denial of service by crashing the JVM process that loads a maliciously crafted .bin model file. There is no impact on confidentiality or integrity, only availability is affected. The denial of service occurs early in the model deserialization process and can be triggered by a small crafted file, making it practical for attackers to disrupt services that load untrusted or semi-trusted models.

Fixed versions are available: users of Apache OpenNLP 2.x should upgrade to version 2.5.9 or later, and users of 3.x should upgrade to 3.0.0-M3 or later. The fix enforces upper bounds on array allocation sizes to prevent heap exhaustion. Deployments that cannot upgrade immediately should treat all .bin model files as untrusted input unless their provenance is verified and avoid loading models from untrusted or third-party sources without integrity checks. The vendor advisory does not indicate any temporary fixes or that no action is required.