Opened 3 years ago
Last modified 3 years ago
#14805 closed enhancement
pdfbox-2.0.23 and fontbox-2.0.23 (CVE-2021-27807 CVE-2021-27906) — at Version 3
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
New point versions of supplemental JARs for fop.
Security information:
CVE-2021-27807
[oss-security] CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file. Description: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions. Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue
CVE-2021-27906
[oss-security] CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file Description: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions. This issue is being tracked as PDFBOX-5112 Credit: Apache PDFBox would like to thank Fabian Meumertzheim for reporting this issue
Change History (3)
comment:1 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:2 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
The new JARs have been released:
Release Notes -- Apache PDFBox -- Version 2.0.23 Introduction ------------ The Apache PDFBox library is an open source Java tool for working with PDF documents. This is an incremental bugfix release based on the earlier 2.0.23 release. It contains a couple of fixes and small improvements. For more details on these changes and all the other fixes and improvements included in this release, please refer to the following issues on the PDFBox issue tracker at https://issues.apache.org/jira/browse/PDFBOX. Bug [PDFBOX-3000] - Transparency Group issues [PDFBOX-4398] - getLastSignatureDictionary modifies internal structure of PDDocument [PDFBOX-5050] - NullPointerexception in AcroFormOrphanWidgetsProcessor.resolveNonRootField() [PDFBOX-5060] - AcroForm PDTextField formatting lost when setting value [PDFBOX-5063] - testCreateCheckBox fails on travis / github [PDFBOX-5072] - java.lang.IndexOutOfBoundsException [PDFBOX-5078] - Failure to modify cropBox when splitting a PDF Page vertically into 2 pieces [PDFBOX-5080] - Type1Parser.parseASCII throws inconsistent exceptions [PDFBOX-5081] - CFFParser.ByteSource.readRealNumber can better throw IOException [PDFBOX-5090] - Missing text extraction under certain conditions starting with apache pdfbox 2.0.18 [PDFBOX-5091] - Performance issue when converting PDF to image after upgrading from PDFBox 2.0.20 to 2.0.21 [PDFBOX-5094] - Wrong glyph when rendering a symbolic TTF font with WinANSIEncoding [PDFBOX-5100] - Sometimes unneeded message "Removed /IDTree from /Names dictionary, doesn't belong there" [PDFBOX-5104] - ArrayIndexOutOfBoundsException in isOwnerPassword [PDFBOX-5105] - IllegalArgumentException in computeEncryptedKeyRev56 [PDFBOX-5106] - IllegalArgumentException in PDFObjectStreamParser.privateReadObjectNumbers [PDFBOX-5107] - ClassCastException in COSStream.getFilterList [PDFBOX-5108] - ArrayIndexOutOfBoundsException in PDFXrefStreamParser.parseValue [PDFBOX-5115] - U+00AD ('sfthyphen') is not available in this font Times-Roman encoding: WinAnsiEncoding [PDFBOX-5123] - OS2WindowsMetricsTable "version" variable confused with OpenType specification version [PDFBOX-5124] - Improperly declared OS2WindowsMetricsTable version (v0 table declard as v3) in embedded font stops parsing with EOFException Improvement [PDFBOX-3017] - Improve document signing [PDFBOX-5055] - Minor improvement [PDFBOX-5103] - Allow reuse of subsetted fonts by inverting the ToUnicode CMap [PDFBOX-5110] - improve performance in signature validation [PDFBOX-5112] - Add more checks to PDFXrefStreamParser and reduce memory footprint [PDFBOX-5116] - Add rotated box to ShowColorBoxes.java example [PDFBOX-5121] - Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() [PDFBOX-5122] - Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() Task [PDFBOX-5045] - testFlattenOpenOfficeForm() has differences [PDFBOX-5057] - Review CCITTFaxDecoder updates Release Contents ---------------- This release consists of a single source archive packaged as a zip file. The archive can be unpacked with the jar tool from your JDK installation. See the README.txt file for instructions on how to build this release. The source archive is accompanied by a SHA512 checksum and a PGP signature that you can use to verify the authenticity of your download. The public key used for the PGP signature can be found at https://www.apache.org/dist/pdfbox/KEYS.