5.5

CVE-2020-1951

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTika Version >= 1.0 <= 1.23
OracleFlexcube Private Banking Version12.0.0
OracleFlexcube Private Banking Version12.1.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.83% 0.849
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.oracle.com/security-alerts/cpujul2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4564-1/
Third Party Advisory
https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E
Vendor Advisory
Mailing List