CVE-2020-1950

Published: Mar 23, 2020
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1950" target="_blank" rel="noopener"> CVE-2020-1950
GHSA: <a href="https://github.com/advisories/GHSA-3h29-52vh-pqgr" target="_blank" rel="noopener"> GHSA-3h29-52vh-pqgr
Severity: Medium
Exploit:

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
apache / tika	1.0	1.23.x
oracle / flexcube_private_banking	12.1.0	12.1.0.x
oracle / flexcube_private_banking	12.0.0	12.0.0.x
debian / debian_linux	8.0	8.0.x
oracle / business_process_management_suite	12.2.1.3.0	12.2.1.3.0.x
canonical / ubuntu_linux	16.04	16.04.x
oracle / business_process_management_suite	12.2.1.4.0	12.2.1.4.0.x
oracle / communications_messaging_server	8.1	8.1.x
oracle / communications_messaging_server	8.0.2	8.0.2.x
org.apache.tika / tika	1.0	1.24