exploitDog

CVE-2020-9489

Published: 24 Apr 2020
Source: redhat
CVSS3: 5.5

Description

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | tika-core | Out of support scope | | |
| Red Hat JBoss BRMS 6 | tika-core | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | tika-core | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | tika-core | Out of support scope | | |
| Red Hat Fuse 7.8.0 | camel-tika | Fixed | RHSA-2020:5568 | 16.12.2020 |

Additional information

Status: Moderate
Defect: CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=1850042 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 6 years ago

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

CVSS3: 5.5
nvd
almost 6 years ago

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

CVSS3: 5.5
debian
almost 6 years ago

A carefully crafted or corrupt file may trigger a System.exit in Tika' ...

CVSS3: 5.5
github
more than 4 years ago

Missing Release of Memory after Effective Lifetime in Apache Tika

CVSS3: 6.5
fstec
almost 6 years ago

A vulnerability in the Apache Tika content detection and analysis framework, related to errors in releasing memory before the last reference is removed, allowing an attacker to cause a denial of service
