#14805 closed enhancement (fixed)
pdfbox-2.0.23 and fontbox-2.0.23 (CVE-2021-27807 CVE-2021-27906)
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 11.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
New point versions of supplemental JARs for fop.
Security information:
CVE-2021-27807
[oss-security] CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file.
Description: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue.
CVE-2021-27906
[oss-security] CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
Description: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. This issue is being tracked as PDFBOX-5112.
Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue.
Change History (6)
comment:1 by , 4 years ago
Priority: | normal → elevated |
---|
comment:2 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 4 years ago
In order to test this, I've made the LFS book by running "make pdf". Everything seems to be sane over there, so I'll proceed with getting MD5SUMS and sizes and then moving on to my next ticket :)
The new JARs have been released: