CVE-2020-1951

CWE-83515 documents9 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 56.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apache TikaCanonical Ubuntu LinuxDebian Debian Linux+3 more
Timeline
PublishedMar 23
Latest updateMay 23

Description

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

Mavenorg.apache.tika:tika1.01.24
NVDapache/tika1.01.23
CVEListV5apache_tikaApache Tika 1.0-1.23
Debiantika< 1.22-2
Ubuntutika< 1.5-4ubuntu0.1+2

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

6
OSV
tika vulnerabilities2025-05-23
GHSA
Infinite Loop in Apache Tika2021-05-07
OSV
Infinite Loop in Apache Tika2021-05-07
OSV
tika vulnerabilities2020-10-05
CVEList
CVE-2020-1951: A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 12020-03-23

📋Vendor Advisories

6
Ubuntu
Apache Tika vulnerabilities2025-05-23
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Core (Apache Tika) — CVE-2020-19512020-10-15
Ubuntu
Apache Tika vulnerabilities2020-10-05
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (Apache Tika) — CVE-2020-19512020-07-15
Debian
CVE-2020-1951: tika - A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tik...2020

💬Community

2
Bugzilla
CVE-2020-1951 tika: crafted or corrupt PSD file leads to DoS [fedora-all]2020-05-05
Bugzilla
CVE-2020-1951 tika: crafted or corrupt PSD file leads to DoS2020-05-05
CVE-2020-1951 (MEDIUM CVSS 5.5) | A carefully crafted or corrupt PSD | cvebase.io