==================================================================== CERT-Renater Note d'Information No. 2021/VULN172 _____________________________________________________________________ DATE : 23/03/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Apache PDFBox versions prior to 2.0.23. ===================================================================== http://mail-archives.apache.org/mod_mbox/www-announce/202103.mbox/%3c1b04c56f-386e-1f44-7eb4-a80c08ebeb26@apache.org%3e http://mail-archives.apache.org/mod_mbox/www-announce/202103.mbox/%3c46b8308e-49c9-f7bc-7c01-475202612196@apache.org%3e _____________________________________________________________________ CVE-2021-27906: Apache PDFBox a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file Description: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions. This issue is being tracked as PDFBOX-5112 and was fixed in 2.0.23. All users are recommended to upgrade to Apache PDFBox 2.0.23 Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue _____________________________________________________________________ CVE-2021-27807: Apache PDFBox a carefully crafted PDF file can trigger an infinite loop while loading the file Description: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions. This issue was fixed in 2.0.23. All users are recommended to upgrade to Apache PDFBox 2.0.23 Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================