Apache Pdfbox
10 CVEs affecting Apache Pdfbox. Latest disclosed: 2026-04-14. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-0228 | Critical | 9.8 | 2019-04-17 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a c… |
CVE-2016-2175 | High | 7.8 | 2016-06-01 | Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External… |
CVE-2018-8036 | Medium | 6.5 | 2018-07-03 | In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exce… |
CVE-2021-31812 | Medium | 5.5 | 2021-06-12 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2… |
CVE-2021-31811 | Medium | 5.5 | 2021-06-12 | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and… |
CVE-2021-27906 | Medium | 5.5 | 2021-03-19 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versi… |
CVE-2021-27807 | Medium | 5.5 | 2021-03-19 | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
CVE-2018-11797 | Medium | 5.5 | 2018-10-05 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page t… |
CVE-2026-23907 | Medium | 5.3 | 2026-03-10 | This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example… |
CVE-2026-33929 | Medium | 4.3 | 2026-04-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbedde… |