Memory Usage Vulnerability in Apache Tika's PSDParser
CVE-2020-1950

5.5MEDIUM

Key Information:

Vendor
Apache
Status
Apache Tika
Vendor
CVE Published:
23 March 2020

Summary

A vulnerability exists in Apache Tika's PSDParser that can lead to excessive memory usage when processing specially crafted or corrupt PSD files. This issue impacts versions 1.0 to 1.23 of the software and could result in denial of service if exploited, making it crucial for users to update to the latest version to mitigate potential risks. The vulnerability can be exploited by loading a malicious PSD file, prompting an undesired consumption of memory resources.

Affected Version(s)

Apache Tika Apache Tika 1.0-1.23

References

https://lists.debian.org/debian-lts-announce/2020/03/msg0...
mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://lists.apache.org/thread.html/r463b1a67817ae55fe02...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.