CVE-2020-9489: Missing Release of Memory after Effective Lifetime

April 27, 2020 (updated July 21, 2021)

A carefully crafted or corrupt file may trigger a System.exit in Tika’s OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops.

References

lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-9489

Code Behaviors & Features

Detect and mitigate CVE-2020-9489 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →