====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN318
_____________________________________________________________________

DATE                : 14/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache PDFBox versions prior to
                                         2.0.24.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202106.mbox/%3c8858bea6-ed2e-9c45-3358-87e0cbc44951@apache.org%3e
http://mail-archives.apache.org/mod_mbox/www-announce/202106.mbox/%3c9ff2d8b6-5c7b-925b-02d5-cbc4e578da63@apache.org%3e
_____________________________________________________________________

CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger
an infinite loop while loading the file


Description:

A carefully crafted PDF file can trigger an infinite loop while loading
the file. This issue affects Apache PDFBox version 2.0.23 and prior
2.0.x versions.


Mitigation:

This issue was fixed in 2.0.24. All users are recommended to upgrade to
Apache PDFBox 2.0.24


Credit:

Apache PDFBox would like to thank Chaoyuan Peng for reporting this issue

References:
https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

_____________________________________________________________________

CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger
an OutOfMemory-Exception while loading a tiny file


Description:

A carefully crafted PDF file can trigger an OutOfMemory-Exception while
loading the file. This issue affects Apache PDFBox version 2.0.23 and
prior 2.0.x versions.


This issue is being tracked as PDFBOX-5177


Mitigation:

This issue was fixed in 2.0.24. All users are recommended to upgrade to
Apache PDFBox 2.0.24


Credit:

Apache PDFBox would like to thank Chaoyuan Peng for reporting this issue

References:
https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================