Apache Tika vulnerabilities

4 known vulnerabilities affecting apache/apache_tika.

Total CVEs

4

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2020-1950MEDIUMCVSS 5.5vApache Tika 1.0-1.232020-03-23

CVE-2020-1950 [MEDIUM] CWE-400 CVE-2020-1950: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

CVE-2019-10094HIGHCVSS 7.8v1.7 to 1.212019-08-02

CVE-2019-10094 [HIGH] CWE-770 CVE-2019-10094: A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

CVE-2019-10088HIGHCVSS 8.8v1.7 to 1.212019-08-02

CVE-2019-10088 [HIGH] CWE-770 CVE-2019-10088: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

CVE-2019-10093MEDIUMCVSS 6.5v1.19 to 1.212019-08-02

CVE-2019-10093 [MEDIUM] CWE-770 CVE-2019-10093: In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available S In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.