10 matches found
CVE-2021-31812
Apache PDFBox vulnerability CVE-2021-31812: a specially crafted PDF can trigger an infinite loop while loading, affecting version 2.0.23 and all prior 2.0.x. Impact is listed as High for availability (DoS via resource exhaustion). The provided documents confirm the affected product/component and ...
CVE-2021-31811
CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.
CVE-2021-27807
CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...
CVE-2021-27906
CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....
CVE-2016-2175
CVE-2016-2175 is an XXE vulnerability in Apache PDFBox. The issue arises because PDFBox’s XML parsers are not properly initialized when processing XML data inside PDFs, allowing context-dependent attackers to craft PDFs that cause XML External Entity (XXE) attacks. Affected products include PDFBo...
CVE-2019-0228
CVE-2019-0228 affects Apache PDFBox 2.0.14, enabling an XML External Entity (XXE) attack via crafted XFDF. IBM advisories fix the vulnerability by upgrading IBM Operations Analytics - Log Analysis to version 1.3.7 (PDFBox handling), and Fedora advisories show a PDFBox update to 2.0.16. The vulnera...
CVE-2018-11797
CVE-2018-11797 affects Apache PDFBox 1.8.0–1.8.15 and 2.0.0-RC1–2.0.11, where parsing the PDF page tree can trigger an extremely long computation (denial of service). The issue is caused by the page-tree parsing logic; exploitation details are not provided in the documents. Connected sources conf...
CVE-2018-8036
CVE-2018-8036 affects Apache PDFBox (versions 1.8.0–1.8.14 and 2.0.0RC1–2.0.10). A carefully crafted file can trigger an infinite loop in PDFBox’s AFMParser, causing memory exhaustion (DoS). Public details in connected IBM/IBM-Log-Analysis-related advisories confirm the issue and link to fixes, e...
CVE-2026-33929
CVE-2026-33929 concerns a path traversal in the ExtractEmbeddedFiles code of Apache PDFBox Examples. Affected: PDFBox 2.0.24–2.0.36 and 3.0.0–3.0.7. The vulnerability arises when extracting files, allowing write access to arbitrary paths if the user has write rights (examples mention /home/...
CVE-2026-23907
CVE-2026-23907 affects the ExtractEmbeddedFiles example in Apache PDFBox (versions 2.0.24–2.0.36 and 3.0.0–3.0.7). It describes a path traversal (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. The issue could allow unintende...