Infinite Loop Vulnerability in Apache Tika's PSDParser for Multiple Versions
CVE-2020-1951

5.5MEDIUM

Key Information:

Vendor
Apache
Status
Apache Tika
Vendor
CVE Published:
23 March 2020

Summary

The vulnerability in Apache Tika's PSDParser allows an attacker to craft a malicious PSD file that results in an infinite loop, causing the parser to hang indefinitely. This can disrupt service and potentially expose system resources to denial of service conditions. Users of affected versions from 1.0 to 1.23 should take precautions by verifying PSD file integrity prior to parsing.

Affected Version(s)

Apache Tika Apache Tika 1.0-1.23

References

https://lists.debian.org/debian-lts-announce/2020/03/msg0...
mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://lists.apache.org/thread.html/rd8c1b42bd0e31870d80...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.