What is CVE-2021-27807?

CVE-2021-27807 is a medium-severity vulnerability in Apache Pdfbox, classified under Excessive Iteration. CVSS score: 5.5/10. Published 2021-03-19.

How severe is CVE-2021-27807?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2021-27807 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Pdfbox

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

EPSS: 0.030 (85.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Apache Pdfbox
Apache Software Foundation Pdfbox — versions Apache PDFBox
Oracle Banking_trade_finance_process_management — versions 14.2.0, 14.3.0, 14.5.0
Oracle Banking_treasury_management — versions 14.5
Oracle Banking_virtual_account_management — versions 14.2.0, 14.3.0, 14.5.0
Oracle Communications_messaging_server — versions 8.1
Oracle Communications_session_report_manager
Oracle Flexcube_universal_banking — versions 14.5.0
Oracle Hyperion_financial_reporting — versions 11.1.2.4, 11.2.6.0
Oracle Hyperion_infrastructure_technology

Weakness classification (CWE)

CWE-834 — Excessive Iteration

Public proof-of-concept exploits

References

security@apache.org (Mailing List, x_refsource_MISC, Vendor Advisory)
security@apache.org (Vendor Advisory, mailing-list, x_refsource_MLIST, Mailing List)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-27807?: CVE-2021-27807 is a medium-severity vulnerability in Apache Pdfbox, classified under Excessive Iteration. CVSS score: 5.5/10. Published 2021-03-19.
How severe is CVE-2021-27807?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2021-27807 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.