Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Pdfbox
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31811 2 Apache, Fedoraproject 2 Pdfbox, Fedora 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-27906 2 Apache, Fedoraproject 2 Pdfbox, Fedora 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2021-27807 2 Apache, Fedoraproject 2 Pdfbox, Fedora 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2021-31812 2 Apache, Fedoraproject 2 Pdfbox, Fedora 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2019-0228 1 Apache 1 Pdfbox 2021-10-20 7.5 HIGH 9.8 CRITICAL
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
CVE-2018-11797 3 Apache, Fedoraproject, Oracle 3 Pdfbox, Fedora, Retail Xstore Point Of Service 2021-05-21 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
CVE-2018-8036 1 Apache 1 Pdfbox 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
CVE-2016-2175 2 Apache, Debian 2 Pdfbox, Debian Linux 2018-10-09 7.5 HIGH 7.8 HIGH
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.