CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-23907

Summary (CVE-2026-23907) Apache PDFBox’s ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. Affected versions: 2.0.24–2.0.35 and 3.0.0–3.0.6. Subsequent releases 2.0.3...

CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

Apache PDFBox 路径遍历漏洞

Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions 2.0.24 to 2.0.35, as well as 3.0.0 to 3.0.6 of Apache PDFBox, have a path traversal vulnerability. This...

PT-2026-24199

Name of the Vulnerable Software and Affected Versions Apache PDFBox versions 2.0.24 through 2.0.36 Apache PDFBox versions 3.0.0 through 3.0.7 Description The ExtractEmbeddedFiles example within Apache PDFBox contains a path traversal issue. The filename obtained from...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apac...

EUVD-2021-1242

Malware in sbrugna...

EUVD-2021-0975

Malware in sbrugna...

EUVD-2021-1315

Malware in sbrugna...

EUVD-2021-1279

Malware in sbrugna...

EUVD-2018-0607

Malware in sbrugna...

EUVD-2018-0498

Malware in sbrugna...

EUVD-2019-0587

Malware in sbrugna...

EUVD-2022-4264

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-27906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x...

Linux Distros Unpatched Vulnerability : CVE-2021-31811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and...

Linux Distros Unpatched Vulnerability : CVE-2018-8036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory excepti...

Linux Distros Unpatched Vulnerability : CVE-2021-31812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior...