A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9489 http://seclists.org/oss-sec/2020/q2/69 https://lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E
This vulnerability is out of security support scope for the following products: * Red Hat JBoss BRMS 6 * Red Hat JBoss BRMS 5 * Red Hat JBoss Data Virtualization & Services 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details."
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse Service Works(FWS) 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details."
This issue has been addressed in the following products: Red Hat Fuse 7.8.0 Via RHSA-2020:5568 https://access.redhat.com/errata/RHSA-2020:5568
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-9489