apache tika CVE-2020-9489 in Apache and Oracle Products
Published on April 27, 2020

product logo product logo
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

NVD


Products Associated with CVE-2020-9489

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-9489 are published in these products:

Apache Tika
 
Oracle Flexcube Private Banking
 
Oracle Primavera Unifier
 
Oracle Webcenter Portal
 
Oracle Communications Messaging Server
 

Affected Versions

The Apache Software Foundation Apache Tika Version Up to 1.24 is affected by CVE-2020-9489

Exploit Probability

EPSS
0.39%
Percentile
59.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.