Pdfbox
CVE-2021-31811
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 57 maven packages depend on org.apache.pdfbox:pdfbox (17 direct, 40 indirect)
Ecosystem-wide dependent count for version 2.0.0.
DescriptionNVD
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
AnalysisAI
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.23 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-789. In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.23 and prior 2.0.x versions. Affected products include: Apache Pdfbox, Fedoraproject Fedora, Oracle Banking Corporate Lending Process Management, Oracle Banking Credit Facilities Process Management, Oracle Banking Supply Chain Finance. Version information: version 2.0.23.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XM
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-depe
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite lo
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file.0.23 and prior 2.0.x
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions.
A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated me
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long runn
Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today