PDFBOX (used by fop) 2.0.24
|Reported by:||Owned by:||Douglas R. Reno|
From the oss-security list: Description:
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
This issue is being tracked as PDFBOX-5177
This issue was fixed in 2.0.24. All users are recommended to upgrade to Apache PDFBox 2.0.24
Apache PDFBox would like to thank Chaoyuan Peng for reporting this issue
That shows it is CVE-2021-31812
Although we do not list pdfbox in our index, 2.0.23 is a required download on the fop page.