Lucene search
ApachePdfbox

10 matches found

CVE
added 2021/06/12 9:45 a.m. | 207 views

CVE-2021-31812

Apache PDFBox vulnerability CVE-2021-31812: a specially crafted PDF can trigger an infinite loop while loading, affecting version 2.0.23 and all prior 2.0.x. Impact is listed as High for availability (DoS via resource exhaustion). The provided documents confirm the affected product/component and ...

5.5 CVSS | 5.6 AI score | 0.03054 EPSS

CVE
added 2021/06/12 9:45 a.m. | 196 views

CVE-2021-31811

CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.

5.5 CVSS | 5.6 AI score | 0.03445 EPSS

CVE
added 2021/03/19 4:5 p.m. | 186 views

CVE-2021-27807

CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...

5.5 CVSS | 5.6 AI score | 0.02979 EPSS

CVE
added 2021/03/19 4:5 p.m. | 185 views

CVE-2021-27906

CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....

5.5 CVSS | 5.6 AI score | 0.03337 EPSS

CVE
added 2016/06/01 8:0 p.m. | 152 views

CVE-2016-2175

CVE-2016-2175 is an XXE vulnerability in Apache PDFBox. The issue arises because PDFBox’s XML parsers are not properly initialized when processing XML data inside PDFs, allowing context-dependent attackers to craft PDFs that cause XML External Entity (XXE) attacks. Affected products include PDFBo...

7.8 CVSS | 7.3 AI score | 0.04758 EPSS

CVE
added 2019/04/17 2:7 p.m. | 150 views

CVE-2019-0228

CVE-2019-0228 affects Apache PDFBox 2.0.14, enabling an XML External Entity (XXE) attack via crafted XFDF. IBM advisories fix the vulnerability by upgrading IBM Operations Analytics - Log Analysis to version 1.3.7 (PDFBox handling) and Fedora advisories show a PDFBox update to 2.0.16. The vulnera...

9.8 CVSS | 8.9 AI score | 0.09451 EPSS

CVE
added 2018/10/05 8:0 p.m. | 147 views

CVE-2018-11797

CVE-2018-11797 affects Apache PDFBox 1.8.0–1.8.15 and 2.0.0-RC1–2.0.11, where parsing the PDF page tree can trigger an extremely long computation (denial of service). The issue is caused by the page-tree parsing logic; exploitation details are not provided in the documents. Connected sources conf...

5.5 CVSS | 5.5 AI score | 0.04024 EPSS

CVE
added 2018/07/03 8:0 p.m. | 124 views

CVE-2018-8036

CVE-2018-8036 affects Apache PDFBox (versions 1.8.0–1.8.14 and 2.0.0RC1–2.0.10). A carefully crafted file can trigger an infinite loop in PDFBox’s AFMParser, causing memory exhaustion (DoS). Public details in connected IBM/IBM-Log-Analysis-related advisories confirm the issue and link to fixes, e...

6.5 CVSS | 5.8 AI score | 0.04834 EPSS

CVE
added 2026/04/14 8:9 a.m. | 116 views

CVE-2026-33929

CVE-2026-33929 concerns a path traversal in the ExtractEmbeddedFiles code of Apache PDFBox Examples. Affected: PDFBox 2.0.24–2.0.36 and 3.0.0–3.0.7. The vulnerability arises when extracting files, allowing write access to arbitrary paths if the user has write rights (examples mention /home/...

4.3 CVSS | 5.8 AI score | 0.00711 EPSS

CVE
added 2026/03/10 9:43 a.m. | 58 views

CVE-2026-23907

Summary (CVE-2026-23907): Apache PDFBox’s ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. Affected versions: 2.0.24–2.0.35 and 3.0.0–3.0.6. Subsequent releases 2.0.3...

5.3 CVSS | 5.8 AI score | 0.00886 EPSS