Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-27906

Published: 19/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Pdfbox

Vulnerability Summary

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache pdfbox

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

oracle hyperion financial reporting 11.1.2.4

oracle webcenter sites 12.2.1.3.0

oracle primavera unifier 18.8

oracle primavera unifier

oracle flexcube universal banking

oracle peoplesoft enterprise peopletools 8.58

oracle outside in technology 8.5.5

oracle primavera unifier 19.12

oracle webcenter sites 12.2.1.4.0

oracle retail customer management and segmentation foundation 19.0

oracle primavera unifier 20.12

oracle banking virtual account management 14.3.0

oracle banking trade finance process management 14.3.0

oracle banking credit facilities process management 14.3.0

oracle banking corporate lending process management 14.3.0

oracle communications messaging server 8.1

oracle peoplesoft enterprise peopletools 8.59

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle hyperion financial reporting 11.2.6.0

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking trade finance process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.5.0

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.5.0

oracle communications session report manager

oracle banking supply chain finance 14.5.0

oracle banking supply chain finance 14.3.0

oracle banking trade finance process management 14.2.0

oracle hyperion infrastructure technology

oracle banking treasury management 14.5

oracle flexcube universal banking 14.5.0

Vendor Advisories

Debian CVElist Bug Report Logs: libpdfbox2-java: CVE-2021-27906
Debian Bug report logs - #986008 libpdfbox2-java: CVE-2021-27906 Package: src:libpdfbox2-java; Maintainer for src:libpdfbox2-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 27 Mar 2021 18:57:06 UTC Severity: important Tag ...
Red Hat: CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file This issue affects Apache PDFBox version 2022 and prior 20x versions ...

References

NVD-CWE-Otherhttps://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/03/19/10https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://lists.apache.org/thread.html/rdf78aef4793362e778e21e34328b0456e302bde4b7e74f229df0ee04%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r64982b768c8a2220b07aaf813bd099a9863de0d13eb212fd4efe208f%40%3Cusers.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12%40%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3Ehttps://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986008https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook