Vulnerability Description
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Pdfbox | >= 2.0.0, <= 2.0.22 |
| Fedoraproject | Fedora | 32 |
| Oracle | Banking Corporate Lending Process Management | 14.2.0 |
| Oracle | Banking Credit Facilities Process Management | 14.2.0 |
| Oracle | Banking Supply Chain Finance | 14.2.0 |
| Oracle | Banking Trade Finance Process Management | 14.2.0 |
| Oracle | Banking Treasury Management | 14.5 |
| Oracle | Banking Virtual Account Management | 14.2.0 |
| Oracle | Communications Session Report Manager | >= 8.0.0, <= 8.2.4.0 |
| Oracle | Flexcube Universal Banking | >= 14.0.0, <= 14.3.0 |
| Oracle | Hyperion Financial Reporting | 11.1.2.4 |
| Oracle | Hyperion Infrastructure Technology | < 11.2.8.0 |
| Oracle | Outside In Technology | 8.5.5 |
| Oracle | Peoplesoft Enterprise Peopletools | 8.58 |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 |
| Oracle | Retail Customer Management And Segmentation Foundation | 19.0 |
| Oracle | Retail Xstore Point Of Service | 16.0.6 |
| Oracle | Webcenter Sites | 12.2.1.3.0 |
| Oracle | Communications Messaging Server | 8.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/03/19/10 (Mailing List, Vendor Advisory)
- https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266
- https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c77
- https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a
- https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d6
- https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd
- https://lists.apache.org/thread.html/r64982b768c8a2220b07aaf813bd099a9863de0d13e
- https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a8
- https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3
- https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b823290
- https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35
- https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c
- https://lists.apache.org/thread.html/rdf78aef4793362e778e21e34328b0456e302bde4b7
- https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133ca
- https://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc651 (Mailing List, Vendor Advisory)
FAQ
What is CVE-2021-27906?
CVE-2021-27906 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
How severe is CVE-2021-27906?
CVE-2021-27906 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27906?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Pdfbox, Fedoraproject Fedora, Oracle Banking Corporate Lending Process Management, Oracle Banking Credit Facilities Process Management, Oracle Banking Supply Chain Finance.