[ANNOUNCE] Apache Tika 1.24 released

2020-03-18 Thread Tim Allison
The Apache Tika project is pleased to announce the release of Apache Tika 1.24. The release contents have been pushed out to the main Apache release site and to the Maven Central sync, so the releases should be available as soon as the mirrors get the syncs. Apache Tika is a toolkit for detecting

[CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
TItle: [CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.0 to 1.23 Description: A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in

[CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
Title: [CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.0 to 1.23 Description: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache