Maven package
org.apache.pdfbox/pdfbox
pkg:maven/org.apache.pdfbox/pdfbox
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31812 | — |  |  | >= 2.0.0, < 2.0.24 | 2.0.24 | Jun 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. |
| CVE-2021-31811 | — |  |  | >= 2.0.0, < 2.0.24 | 2.0.24 | Jun 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. |
| CVE-2021-27906 | — |  |  | >= 2.0.0, < 2.0.23 | 2.0.23 | Mar 19, 2021 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
| CVE-2021-27807 | — |  |  | >= 2.0.0, < 2.0.23 | 2.0.23 | Mar 19, 2021 | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
| CVE-2019-0228 | — |  |  | >= 2.0.14, < 2.0.15 | 2.0.15 | Apr 17, 2019 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. |
| CVE-2018-11797 | Med | 5.5 |  | >= 1.8.0, < 1.8.16 | 1.8.16 | Oct 5, 2018 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. |
| CVE-2018-8036 | Med | 6.5 |  | >= 1.8.0, < 1.8.15 | 1.8.15 | Jul 3, 2018 | In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. |
| CVE-2016-2175 | Hig | 7.8 |  | < 1.8.12 | 1.8.12 | Jun 1, 2016 | Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. |