CVE-2021-31811 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
https://notcve.org/view.php?id=CVE-2021-31811
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. En Apache PDFBox, un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a la versión 2.0.23 de Apache PDFBox anterior a versiones 2.0.x • http://www.openwall.com/lists/oss-security/2021/06/12/2 https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E http • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVE-2021-31812 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-31812
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. En Apache PDFBox, un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a versión 2.0.23 de Apache PDFBox anterior a versiones 2.0.x • http://www.openwall.com/lists/oss-security/2021/06/12/1 https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E http • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-27906 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
https://notcve.org/view.php?id=CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x • http://www.openwall.com/lists/oss-security/2021/03/19/10 https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •
CVE-2021-27807 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x • http://www.openwall.com/lists/oss-security/2021/03/19/9 https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792dbf319a9%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fbc4ab36%40%3Cusers.pdfbox.apache.org%3E https://lists • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-0228
https://notcve.org/view.php?id=CVE-2019-0228
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Apache PDFBox versión 2.0.14 no inicializa correctamente el analizador XML, lo que permite a los atacantes dependientes del contexto realizar ataques de Entidades Externas XML (XXE) por medio de un XFDF creado. • https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79%40%3Cusers.pdfbox.apache.org%3E https://lists.apache.org/thread.html/8a19bd6d43e359913341043c2a114f91f9e4ae170059539ad1f5673c%40%3Ccommits.tika.apache.org%3E https://lists.apache.org/thread.html/bc8db1bf459f1ad909da47350ed554ee745abe9f25f2b50cad4e06dd%40%3Cserver-dev.james.apache.org%3E https://lists.apache.org/thread.html/be86fcd7cd423a3fe6b73a3cb9d7cac0b619d0deb99e6b5d172c98f4%40%3Ccommits.tika.apache.org%3E https://lists.apache.org/thread.html/r0a2141abeddae66dd57025f1681c8425834062b7c0c7e0b1d830a95d • CWE-611: Improper Restriction of XML External Entity Reference •