CVE-2020-1950

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.0 through 1.23

Description The issue is related to excessive memory usage caused by a carefully crafted or corrupt PSD file in Apache Tika's PSDParser. This can lead to a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Apache Tika versions 1.0 through 1.23, consider disabling the PSDParser until a patch is available to prevent excessive memory usage and potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2020-02706

CVE-2020-1950

DLA-2161-1

GHSA-3H29-52VH-PQGR

USN-4564-1

USN-7529-1

Affected Products

Apache Tika

Linuxmint

Ubuntu

CVE-2020-1950

Weakness Enumeration

Related Identifiers

Affected Products

References · 25