CVE-2020-1951

Published: Mar 23, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

Affected (9)

Products: Apache: Tika · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Apache: Tika · Canonical: Ubuntu Linux · Debian: Debian Linux · Oracle: Business Process Management Suite, Communications Messaging Server, Flexcube Private Banking

1 product

1 product

1 product

3 products

Business Process Management Suite

Communications Messaging Server

Flexcube Private Banking

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Tika	From 1.0 to 1.23

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Debian Debian Linux	Version 8.0
Oracle Business Process Management Suite	Version 12.2.1.3.0
Oracle Business Process Management Suite	Version 12.2.1.4.0
Oracle Communications Messaging Server	Version 8.0.2
Oracle Communications Messaging Server	Version 8.1
Oracle Flexcube Private Banking	Version 12.0.0
Oracle Flexcube Private Banking	Version 12.1.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4564-1/

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: security@apache.org

PatchThird Party Advisory

https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4564-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.