oss-sec mailing list archives

CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file


From: Andreas Lehmkuehler <andreas () lehmi de>
Date: Sat, 12 Jun 2021 11:04:42 +0200

Description:

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

This issue is being tracked as PDFBOX-5177.

Mitigation:

This issue was fixed in 2.0.24. All users are recommended to upgrade to Apache PDFBox 2.0.24.

Credit:

Apache PDFBox would like to thank Chaoyuan Peng for reporting this issue.

References:
https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E

