- Vulnerability/
- USN-4564-1
USN-4564-1: Apache Tika vulnerabilities
First published: Mon Oct 05 2020(Updated: )
It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service (crash). (CVE-2020-1950, CVE-2020-1951)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libtika-java | <1.5-4ubuntu0.1 | 1.5-4ubuntu0.1 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Apache Tika vulnerabilities?
The vulnerability ID for Apache Tika vulnerabilities is USN-4564-1.
What is the impact of the Apache Tika vulnerabilities?
The Apache Tika vulnerabilities can cause excessive memory usage and denial of service (crash).
How can an attacker exploit these vulnerabilities?
An attacker can exploit these vulnerabilities by using a crafted or corrupt PSD file.
What is the recommended version of libtika-java package to fix the vulnerabilities?
The recommended version of the libtika-java package to fix the vulnerabilities is 1.5-4ubuntu0.1.
Where can I find more information about the Apache Tika vulnerabilities?
You can find more information about the Apache Tika vulnerabilities at the following references: [CVE-2020-1951](https://ubuntu.com/security/CVE-2020-1951), [CVE-2020-1950](https://ubuntu.com/security/CVE-2020-1950), [launchpad.net](https://launchpad.net/ubuntu/+source/tika/1.5-4ubuntu0.1).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04