// For flags

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x

*Credits: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-02-28 CVE Reserved
  • 2021-03-19 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-11-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-834: Excessive Iteration
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (23)
URL Tag Source
https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792dbf319a9%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fbc4ab36%40%3Cusers.pdfbox.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac%40%3Ccommits.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12%40%3Cnotifications.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e%40%3Cnotifications.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3%40%3Ccommits.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c%40%3Cnotifications.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3%40%3Cnotifications.ofbiz.apache.org%3E Mailing List
https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9%40%3Cnotifications.ofbiz.apache.org%3E Mailing List
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Pdfbox
Search vendor "Apache" for product "Pdfbox"
>= 2.0.0 <= 2.0.22
Search vendor "Apache" for product "Pdfbox" and version " >= 2.0.0 <= 2.0.22"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Oracle
Search vendor "Oracle"
Banking Trade Finance Process Management
Search vendor "Oracle" for product "Banking Trade Finance Process Management"
14.2.0
Search vendor "Oracle" for product "Banking Trade Finance Process Management" and version "14.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Trade Finance Process Management
Search vendor "Oracle" for product "Banking Trade Finance Process Management"
14.3.0
Search vendor "Oracle" for product "Banking Trade Finance Process Management" and version "14.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Trade Finance Process Management
Search vendor "Oracle" for product "Banking Trade Finance Process Management"
14.5.0
Search vendor "Oracle" for product "Banking Trade Finance Process Management" and version "14.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Treasury Management
Search vendor "Oracle" for product "Banking Treasury Management"
14.5
Search vendor "Oracle" for product "Banking Treasury Management" and version "14.5"
-
Affected
Oracle
Search vendor "Oracle"
Banking Virtual Account Management
Search vendor "Oracle" for product "Banking Virtual Account Management"
14.2.0
Search vendor "Oracle" for product "Banking Virtual Account Management" and version "14.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Virtual Account Management
Search vendor "Oracle" for product "Banking Virtual Account Management"
14.3.0
Search vendor "Oracle" for product "Banking Virtual Account Management" and version "14.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Virtual Account Management
Search vendor "Oracle" for product "Banking Virtual Account Management"
14.5.0
Search vendor "Oracle" for product "Banking Virtual Account Management" and version "14.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Session Report Manager
Search vendor "Oracle" for product "Communications Session Report Manager"
>= 8.0.0 <= 8.2.4.0
Search vendor "Oracle" for product "Communications Session Report Manager" and version " >= 8.0.0 <= 8.2.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Flexcube Universal Banking
Search vendor "Oracle" for product "Flexcube Universal Banking"
>= 14.0.0 <= 14.3.0
Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.0.0 <= 14.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Flexcube Universal Banking
Search vendor "Oracle" for product "Flexcube Universal Banking"
14.5.0
Search vendor "Oracle" for product "Flexcube Universal Banking" and version "14.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Hyperion Financial Reporting
Search vendor "Oracle" for product "Hyperion Financial Reporting"
11.1.2.4
Search vendor "Oracle" for product "Hyperion Financial Reporting" and version "11.1.2.4"
-
Affected
Oracle
Search vendor "Oracle"
Hyperion Financial Reporting
Search vendor "Oracle" for product "Hyperion Financial Reporting"
11.2.6.0
Search vendor "Oracle" for product "Hyperion Financial Reporting" and version "11.2.6.0"
-
Affected
Oracle
Search vendor "Oracle"
Hyperion Infrastructure Technology
Search vendor "Oracle" for product "Hyperion Infrastructure Technology"
< 11.2.8.0
Search vendor "Oracle" for product "Hyperion Infrastructure Technology" and version " < 11.2.8.0"
-
Affected
Oracle
Search vendor "Oracle"
Outside In Technology
Search vendor "Oracle" for product "Outside In Technology"
8.5.5
Search vendor "Oracle" for product "Outside In Technology" and version "8.5.5"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
>= 17.7 <= 17.12
Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
18.8
Search vendor "Oracle" for product "Primavera Unifier" and version "18.8"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
19.12
Search vendor "Oracle" for product "Primavera Unifier" and version "19.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
20.12
Search vendor "Oracle" for product "Primavera Unifier" and version "20.12"
-
Affected
Oracle
Search vendor "Oracle"
Retail Customer Management And Segmentation Foundation
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"
19.0
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "19.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
16.0.6
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "16.0.6"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
17.0.4
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "17.0.4"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
18.0.3
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "18.0.3"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
19.0.2
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "19.0.2"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
20.0.1
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "20.0.1"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.3.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.4.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Messaging Server
Search vendor "Oracle" for product "Communications Messaging Server"
8.1
Search vendor "Oracle" for product "Communications Messaging Server" and version "8.1"
-
Affected