CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-31812 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-31812
12 Jun 2021 — In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. En Apache PDFBox, un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a versión 2.0.23 de Apache PDFBox anterior a versiones 2.0.x A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Re... • http://www.openwall.com/lists/oss-security/2021/06/12/1 • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2021-31811 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
https://notcve.org/view.php?id=CVE-2021-31811
12 Jun 2021 — In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. En Apache PDFBox, un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a la versión 2.0.23 de Apache PDFBox anterior a versiones 2.0.x A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, w... • http://www.openwall.com/lists/oss-security/2021/06/12/2 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2021-27906 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
https://notcve.org/view.php?id=CVE-2021-27906
19 Mar 2021 — A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are docume... • http://www.openwall.com/lists/oss-security/2021/03/19/10 • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2021-27807 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-27807
19 Mar 2021 — A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes ... • http://www.openwall.com/lists/oss-security/2021/03/19/9 • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 7%CPEs: 32EXPL: 0CVE-2019-0228
https://notcve.org/view.php?id=CVE-2019-0228
17 Apr 2019 — Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Apache PDFBox versión 2.0.14 no inicializa correctamente el analizador XML, lo que permite a los atacantes dependientes del contexto realizar ataques de Entidades Externas XML (XXE) por medio de un XFDF creado. • https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79%40%3Cusers.pdfbox.apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-11797 – pdfbox: unbounded computation in parser resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-11797
05 Oct 2018 — In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. En Apache PDFBox 1.8.0 a 1.8.15 y 2.0.0RC1 a 2.0.11, un archivo PDF cuidadosamente manipulado puede desencadenar un cálculo que se ejecuta demasiado tiempo al analizar el árbol de páginas. This release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse 7.6, and includes bug fixes and enhancements, which are documented in the Release N... • https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb%40%3Cannounce.apache.org%3E • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-8036 – pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF
https://notcve.org/view.php?id=CVE-2018-8036
03 Jul 2018 — In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. En Apache PDFBox, desde la versión 1.8.0 hasta la 1.8.14 y desde la 2.0.0RC1 hasta la 2.0.10, un archivo especialmente manipulado (o no válido) que puede desencadenar un bucle infinito que conduce a una excepción de agotamiento de memoria en Apache PDFBox's AFMParser. Red Hat Fuse, based on Apache ServiceMix, provid... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-2175 – pdfbox: XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2016-2175
27 May 2016 — Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. Apache PDFBox en versiones anteriores a 1.8.12 y 2.x en versiones anteriores a 2.0.1 no inicializa correctamente los analizadores XML, lo que permite a atacantes dependientes del contexto llevar a cabo ataques XML External Entity (XXE) a través de un PDF manipulado. It was found that the parsing of XMP and othe... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •