Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjQtM2ZtOS1mZzQ0

Moderate EPSS: 0.00301% (0.52979 Percentile) EPSS:
Permalink JSON

Infinite Loop in Apache Tika

Affected Packages Affected Versions Fixed Versions
maven:org.apache.tika:tika >= 1.0, <= 1.23 1.24
1 Dependent packages
56 Dependent repositories

Affected Version Ranges

All affected versions

1.19.1

All unaffected versions

1.24.1, 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.5, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.2.2, 3.2.3

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

References:

Identifiers

GHSA-3264-3fm9-fg44

CVE-2020-1951

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00301

EPSS Percentile: 0.52979

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 4 years ago

Updated

almost 3 years ago

API

JSON