Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017622 advisory. In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue...

Linux Distros Unpatched Vulnerability : CVE-2026-23907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example...

CVE-2026-23907

The CVE-2026-23907 entry affects the ExtractEmbeddedFiles example in Apache PDFBox (versions 2.0.24–2.0.36 and 3.0.0–3.0.7). It describes a path traversal (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. The issue could allow unintende...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apac...

EUVD-2018-0498

Malware in sbrugna...

EUVD-2018-0607

Malware in sbrugna...

EUVD-2022-4264

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-11797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page...

cc.catalysts.boot:cat-boot-report-pdf (=0.0.10), com.bit-scout:pdf-converter (=1.0.0) +227 more potentially affected by CVE-2018-8036 via org.apache.pdfbox:pdfbox (>=1.8.0 <=1.8.14)

org.apache.pdfbox:pdfbox MAVEN version =1.8.0, =0.6, =0.9, =3.0, =1.3.3-2.10, =0.0.2, =0.0.2, =1.0, =1.0, =1.0, =1.3 and more Source cves: CVE-2018-8036 Source advisory: OSV:GHSA-J2XQ-PFFF-MVGG...

GHSA-J2XQ-PFFF-MVGG Loop with Unreachable Exit Condition in Apache PDFBox

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +1759 more potentially affected by CVE-2021-31811 via org.apache.pdfbox:pdfbox (>=2.0.0 <=2.0.23)

org.apache.pdfbox:pdfbox MAVEN version =2.0.0, =0.2.1, =0.5.0, =0.11.1, =1.0.0, =1.0, =1.3.5, =0.1.8, =1.1.7 - cc.drx:pdf2.13 =ee - cc.drx:poi2.13 =ee and more Source cves: CVE-2021-31811 Source advisory: OSV:GHSA-FG3J-Q579-V8X4...

Denial Of Service (DoS)

pdfbox is vulnerable to denial of service. An attacker is able to cause an infinite loop by submitting a malicious PDF file...

Apache PDFBox 安全漏洞

Apache PDFBox is the United States Apache Apache Foundation of a Java-based open source language tool library . The product provides PDF document creation and editing and other functions. Apache PDFBox there is a security vulnerability , an attacker can exploit the vulnerability by crafting a PDF...

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +1718 more potentially affected by CVE-2021-27906 via org.apache.pdfbox:pdfbox (>=2.0.0 <=2.0.22)

org.apache.pdfbox:pdfbox MAVEN version =2.0.0, =0.2.1, =0.5.0, =0.11.1, =1.0.0, =1.0, =1.3.5, =0.1.8, =1.1.7 - cc.drx:pdf2.13 =ee - cc.drx:poi2.13 =ee and more Source cves: CVE-2021-27906 Source advisory: OSV:GHSA-6VQP-H455-42MR...

Apache PDFBox Memory Overflow Vulnerability

Apache PDFBox is the United States Apache Apache Foundation of a Java-based open source language tool library . The product provides PDF document creation and editing and other functions. Apache PDFBox has a security vulnerability that stems from the fact that a carefully crafted PDF file can...

GHSA-GX96-VGF7-HWFG In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

cc.catalysts.boot:cat-boot-report-pdf (=0.0.10), com.bit-scout:pdf-converter (=1.0.0) +227 more potentially affected by CVE-2018-11797 via org.apache.pdfbox:pdfbox (>=1.8.0 <=1.8.15)

org.apache.pdfbox:pdfbox MAVEN version =1.8.0, =0.6, =0.9, =3.0, =1.3.3-2.10, =0.0.2, =0.0.2, =1.0, =1.0, =1.0, =1.3 and more Source cves: CVE-2018-11797 Source advisory: OSV:GHSA-GX96-VGF7-HWFG...