cbcvebase.
CVE-2020-1950
published 2020-03-23

CVE-2020-1950: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

Affected

16 ranges
VendorProductVersion rangeFixed in
apacheapache_tika
apachetika
apachetika>= 0 < 1.22-21.22-2
apachetika>= 0 < 1.5-4ubuntu0.11.5-4ubuntu0.1
apachetika>= 0 < 1.22-1ubuntu0.1~esm11.22-1ubuntu0.1~esm1
apachetika>= 0 < 1.22-2ubuntu0.22.04.1~esm11.22-2ubuntu0.22.04.1~esm1
apachetika1.0 – 1.23
canonicalubuntu_linux
debiandebian_linux
debiantika< tika 1.22-2 (bullseye)tika 1.22-2 (bullseye)
oraclebusiness_process_management_suite
oraclebusiness_process_management_suite
oraclecommunications_messaging_server
oraclecommunications_messaging_server
oracleflexcube_private_banking
oracleflexcube_private_banking

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM