Lucene search

[email protected]NVD:CVE-2020-1951

HistoryMar 23, 2020 - 2:15 p.m.

CVE-2020-1951

2020-03-2314:15:13

CWE-835

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.6%

JSON

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika’s PSDParser in versions 1.0-1.23.

Affected configurations

Nvd

Node

apachetikaRange1.0–1.23

Node

oraclebusiness_process_management_suiteMatch12.2.1.3.0

oraclebusiness_process_management_suiteMatch12.2.1.4.0

oraclecommunications_messaging_serverMatch8.0.2

oraclecommunications_messaging_serverMatch8.1

oracleflexcube_private_bankingMatch12.0.0

oracleflexcube_private_bankingMatch12.1.0

canonicalubuntu_linuxMatch16.04esm

debiandebian_linuxMatch8.0

VendorProductVersionCPE
apachetika*cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
oraclebusiness_process_management_suite12.2.1.3.0cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
oraclebusiness_process_management_suite12.2.1.4.0cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
oraclecommunications_messaging_server8.0.2cpe:2.3:a:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*
oraclecommunications_messaging_server8.1cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
oracleflexcube_private_banking12.0.0cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
oracleflexcube_private_banking12.1.0cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tika	*	cpe:2.3:a:apache:tika::::::::
oracle	business_process_management_suite	12.2.1.3.0	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
oracle	business_process_management_suite	12.2.1.4.0	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
oracle	communications_messaging_server	8.0.2	cpe:2.3:a:oracle:communications_messaging_server:8.0.2:::::::*
oracle	communications_messaging_server	8.1	cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
oracle	flexcube_private_banking	12.0.0	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
oracle	flexcube_private_banking	12.1.0	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*