5.5
CVSSv3

CVE-2021-27906

CVSSv4: NA | CVSSv3: 5.5 | CVSSv2: 4.3 | VMScore: 650 | EPSS: 0.00111 | KEV: Not Included
Published: 19/03/2021 Updated: 21/11/2024

Vulnerability Summary

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache pdfbox

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.3.0

oracle banking corporate lending process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.3.0

oracle banking credit facilities process management 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking supply chain finance 14.3.0

oracle banking supply chain finance 14.5.0

oracle banking trade finance process management 14.2.0

oracle banking trade finance process management 14.3.0

oracle banking trade finance process management 14.5.0

oracle banking treasury management 14.5

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.3.0

oracle banking virtual account management 14.5.0

oracle communications session report manager

oracle flexcube universal banking

oracle flexcube universal banking 14.5.0

oracle hyperion financial reporting 11.1.2.4

oracle hyperion financial reporting 11.2.6.0

oracle hyperion infrastructure technology

oracle outside in technology 8.5.5

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle retail customer management and segmentation foundation 19.0

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle webcenter sites 12.2.1.3.0

oracle webcenter sites 12.2.1.4.0

oracle communications messaging server 8.1

Vendor Advisories

Debian Bug report logs - #986008 libpdfbox2-java: CVE-2021-27906 Package: src:libpdfbox2-java; Maintainer for src:libpdfbox2-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 27 Mar 2021 18:57:06 UTC Severity: important Tag ...
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file This issue affects Apache PDFBox version 2022 and prior 20x versions ...

Mailing Lists

Description: This issue is being tracked as PDFBOX-5112 Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue ...

References

CWE-789NVD-CWE-Otherhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986008https://nvd.nist.govhttps://www.first.org/epsshttp://www.openwall.com/lists/oss-security/2021/03/19/10https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3Ehttps://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r64982b768c8a2220b07aaf813bd099a9863de0d13eb212fd4efe208f%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rdf78aef4793362e778e21e34328b0456e302bde4b7e74f229df0ee04%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ/https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttp://www.openwall.com/lists/oss-security/2021/03/19/10https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3Ehttps://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r64982b768c8a2220b07aaf813bd099a9863de0d13eb212fd4efe208f%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rdf78aef4793362e778e21e34328b0456e302bde4b7e74f229df0ee04%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ/https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html