CVE-2020-1950

Published: Mar 23, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

Affected (9)

Products: Apache: Tika · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Apache: Tika · Canonical: Ubuntu Linux · Debian: Debian Linux · Oracle: Business Process Management Suite, Communications Messaging Server, Flexcube Private Banking

1 product

1 product

1 product

3 products

Business Process Management Suite

Communications Messaging Server

Flexcube Private Banking

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Tika	From 1.0 to 1.23

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Debian Debian Linux	Version 8.0
Oracle Business Process Management Suite	Version 12.2.1.3.0
Oracle Business Process Management Suite	Version 12.2.1.4.0
Oracle Communications Messaging Server	Version 8.0.2
Oracle Communications Messaging Server	Version 8.1
Oracle Flexcube Private Banking	Version 12.0.0
Oracle Flexcube Private Banking	Version 12.1.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4564-1/

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: security@apache.org

PatchThird Party Advisory

https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4564-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.