Vulnerability in Apache Pdfbox
CVE-2021-31812
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
EPSS: 0.031 (85.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Apache Pdfbox
- Apache Software Foundation Pdfbox — versions Apache PDFBox
- Oracle Banking_corporate_lending_process_management — versions 14.2.0, 14.3.0, 14.5.0
- Oracle Banking_credit_facilities_process_management — versions 14.2.0, 14.3.0, 14.5.0
- Oracle Banking_supply_chain_finance — versions 14.2.0, 14.3.0, 14.5.0
- Oracle Communications_messaging_server — versions 8.1
- Oracle Retail_customer_management_and_segmentation_foundation — versions 18.1
- Fedoraproject Fedora — versions 33, 34
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@apache.org (Mailing List, x_refsource_MISC, Vendor Advisory)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2021-31812?
- CVE-2021-31812 is a medium-severity vulnerability in Apache Pdfbox, classified under Excessive Iteration. CVSS score: 5.5/10. Published 2021-06-12.
- How severe is CVE-2021-31812?
- Medium severity. CVSS v3 base score is 5.5 out of 10.
- Is CVE-2021-31812 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.