CVE-2020-9489
PUBLISHED
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
EPSS 0.39% · 60.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | tika | 0, 1.22-2 |
Timeline
- Apr 27, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- May 2, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-9489 third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/04/24/1 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-9489 third-party-advisory