Vulnerability in Apache Tika
CVE-2020-1950
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
EPSS: 0.004 (62.1th percentile)
Affected products
- Apache Tika — versions 1.0-1.23
Public proof-of-concept exploits
References
- [debian-lts-announce] 20200328 [SECURITY] [DLA 2161-1] tika security update (mailing-list, x_refsource_MLIST)
- www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
- lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cb… (x_refsource_CONFIRM)
- USN-4564-1 (vendor-advisory, x_refsource_UBUNTU)
- www.oracle.com/security-alerts/cpuoct2020.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-1950?
- CVE-2020-1950 is a vulnerability in Apache Tika. Published 2020-03-23.
- Is CVE-2020-1950 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.