10 matches found

IBM Security Bulletins
added 6 days ago, 12 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary: Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002. Vulnerability Details: CVEID: CVE-2026-41607. DESCRIPTION: Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which...

CVSS 9.8 | AI score 6.5 | EPSS 0.00259
Exploits 4 | Affected Software 1
Github Security Blog
added 2026/04/14 9:30 a.m., 4 views

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

CVSS 4.3 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 5 | Affected Software 1
CVE
added 2026/04/14 8:9 a.m., 43 views

CVE-2026-33929

CVE-2026-33929 concerns Apache PDFBox Examples, specifically a path traversal in the ExtractEmbeddedFiles example code. Affected: PDFBox 2.0.24–2.0.36 and 3.0.0–3.0.7. The vulnerability arises when extracting files, allowing write access to arbitrary paths if the user has write rights (examples mention /home/...

CVSS 4.3 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 3 | Affected Software 1
NCSC
added 2021/10/08 12:0 a.m., 1 views

Vulnerabilities fixed in IBM FileNet Content Manager

IBM has fixed two vulnerabilities in the PDFBox module in the FileNet Content Manager. A remote, unauthenticated attacker can exploit the vulnerabilities to cause a denial of service by tricking a victim into processing a rogue PDF file or by having it processed. IBM has released updates to...

CVSS 5.5 | AI score 6.9 | EPSS 0.00231
Exploits 0
RedHat Linux
added 2021/08/18 9:13 a.m., 0 views

pdfbox: OutOfMemory-Exception while loading a crafted PDF file

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...

CVSS 5.5 | AI score 7.2 | EPSS 0.00647
Exploits 0 | References 4
IBM Security Bulletins
added 2021/06/28 7:25 p.m., 33 views

Security Bulletin: IBM DataQuant Fix for (All) Apache PDF Box (Publicly disclosed vulnerability)

Summary: Advisory ADV00321067: CVE-2021-27807 and CVE-2021-27906. Vulnerability Details: CVEID: CVE-2021-27807. DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially-crafted .PDF file, a remote attacker could explo...

CVSS 5.5 | AI score 5.7 | EPSS 0.00647
Exploits 0 | Affected Software 1
RedHat Linux
added 2020/07/28 3:54 p.m., 2 views

pdfbox: unbounded computation in parser resulting in a denial of service

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

CVSS 5.5 | AI score 7.3 | EPSS 0.0162
Exploits 0 | References 5
CNVD
added 2018/07/04 12:0 a.m., 1 views

Apache PDFBox's AFMParser Denial of Service Vulnerability

Apache PDFBox is an open-source, Java-based tool library from the Apache Software Foundation (United States) that supports creating new PDF documents, modifying existing PDF documents, and other features. A denial-of-service vulnerability exists in Apache PDFBox's AFMParser, where an...

CVSS 6.5 | AI score 6.8 | EPSS 0.00591
Exploits 1 | References 1
OSV
added 2018/07/03 8:29 p.m., 0 views

UBUNTU-CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVSS 6.5 | AI score 6.7 | EPSS 0.00591
Exploits 1 | References 4
RedHat Linux
added 2017/02/02 8:33 p.m., 0 views

pdfbox: XML External Entity vulnerability

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...

CVSS 7.8 | AI score 5.8 | EPSS 0.05893
Exploits 0 | References 4