Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-9489

Опубликовано: 27 апр. 2020
Источник: debian
EPSS Низкий

Описание

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tikaunfixedpackage
tikano-dsabullseyepackage
tikano-dsabusterpackage
tikaignoredjessiepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2020/04/24/1

EPSS

Процентиль: 59%
0.00388
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-9489

CVSS3: 5.5
ubuntu
почти 6 лет назад

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

redhat логотип

CVE-2020-9489

CVSS3: 5.5
redhat
почти 6 лет назад

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

nvd логотип

CVE-2020-9489

CVSS3: 5.5
nvd
почти 6 лет назад

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

github логотип

GHSA-4pv3-63jw-4jw2

CVSS3: 5.5
github
больше 4 лет назад

Missing Release of Memory after Effective Lifetime in Apache Tika

fstec логотип

BDU:2020-05177

CVSS3: 6.5
fstec
почти 6 лет назад

Уязвимость среды обнаружения и анализа контента Apache Tika, связанная с ошибками освобождения памяти перед удалением последней ссылки, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 59%
0.00388
Низкий