VYPR

Maven package

org.apache.pdfbox/pdfbox

pkg:maven/org.apache.pdfbox/pdfbox

Vulnerabilities (8)

  • CVE-2021-31812 · Jun 12, 2021
    affected >= 2.0.0, < 2.0.24 · fixed 2.0.24

    In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2021-31811 · Jun 12, 2021
    affected >= 2.0.0, < 2.0.24 · fixed 2.0.24

    In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2021-27906 · Mar 19, 2021
    affected >= 2.0.0, < 2.0.23 · fixed 2.0.23

    A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

  • CVE-2021-27807 · Mar 19, 2021
    affected >= 2.0.0, < 2.0.23 · fixed 2.0.23

    A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

  • CVE-2019-0228 · Apr 17, 2019
    affected >= 2.0.14, < 2.0.15 · fixed 2.0.15

    Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

  • CVE-2018-11797 · Med · Oct 5, 2018
    affected >= 1.8.0, < 1.8.16 · fixed 1.8.16

    In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

  • CVE-2018-8036 · Med · Jul 3, 2018
    affected >= 1.8.0, < 1.8.15 · fixed 1.8.15

    In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

  • CVE-2016-2175 · Hig · Jun 1, 2016
    affected < 1.8.12 · fixed 1.8.12

    Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.