UBUNTU-CVE-2020-9489

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-9489

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-9489.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-9489

Upstream

CVE-2020-9489

Published

2020-04-27T14:15:00Z

Modified

2025-10-10T18:02:22.482248Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

References

Affected packages

Ubuntu:25.10 / tika

Package

Name: tika
Purl: pkg:deb/ubuntu/tika@1.22-2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libtika-java",
            "binary_version": "1.22-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-9489.json"