Apache Tika could be made to crash if it opened a specially crafted
file.
Software Description:
- tika: A content analysis toolkit
Details:
It was discovered that Apache Tika can have an excessive memory usage by
using a crafted or corrupt PSD file. An attacker could use it to cause a
denial of service (crash). (CVE-2020-1950, CVE-2020-1951)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libtika-java 1.5-4ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4564-1
CVE-2020-1950, CVE-2020-1951
Get the latest Linux and open source security news straight to your inbox.