PT-2020-2661 · Apache+2 · Apache Tika+2

Published

2020-03-23

Updated

2025-05-23

CVE-2020-1951

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.0 through 1.23

Description A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser, potentially leading to a denial of service. The issue is related to the PSDParser's handling of input, which can allow an attacker to cause the service to enter an infinite loop using a specially crafted PSD file.

Recommendations For Apache Tika versions 1.0 through 1.23, consider disabling the PSDParser functionality until a patch is available to prevent potential denial of service attacks.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2020-02705

CVE-2020-1951

DLA-2161-1

GHSA-3264-3FM9-FG44

USN-4564-1

USN-7529-1

Affected Products

Apache Tika

Linuxmint

Ubuntu

PT-2020-2661 · Apache+2 · Apache Tika+2

CVE-2020-1951

Weakness Enumeration

Related Identifiers

Affected Products

References · 25