Vulnerability Description
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Pdfbox | >= 2.0.0, <= 2.0.22 |
| Fedoraproject | Fedora | 32 |
| Oracle | Banking Trade Finance Process Management | 14.2.0 |
| Oracle | Banking Treasury Management | 14.5 |
| Oracle | Banking Virtual Account Management | 14.2.0 |
| Oracle | Communications Session Report Manager | >= 8.0.0, <= 8.2.4.0 |
| Oracle | Flexcube Universal Banking | >= 14.0.0, <= 14.3.0 |
| Oracle | Hyperion Financial Reporting | 11.1.2.4 |
| Oracle | Hyperion Infrastructure Technology | < 11.2.8.0 |
| Oracle | Outside In Technology | 8.5.5 |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 |
| Oracle | Retail Customer Management And Segmentation Foundation | 19.0 |
| Oracle | Retail Xstore Point Of Service | 16.0.6 |
| Oracle | Webcenter Sites | 12.2.1.3.0 |
| Oracle | Communications Messaging Server | 8.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/03/19/9 (Mailing List, Vendor Advisory)
- https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e8
- https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266
- https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c77
- https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fff
- https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a
- https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d6
- https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd
- https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a8
- https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3
- https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1 (Mailing List, Vendor Advisory)
- https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b823290
- https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35
- https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c
FAQ
What is CVE-2021-27807?
CVE-2021-27807 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
How severe is CVE-2021-27807?
CVE-2021-27807 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27807?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Pdfbox, Fedoraproject Fedora, Oracle Banking Trade Finance Process Management, Oracle Banking Treasury Management, Oracle Banking Virtual Account Management.