Vulnerability Description
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Pdfbox | >= 2.0.0, <= 2.0.23 |
| Fedoraproject | Fedora | 33 |
| Oracle | Banking Corporate Lending Process Management | 14.2.0 |
| Oracle | Banking Credit Facilities Process Management | 14.2.0 |
| Oracle | Banking Supply Chain Finance | 14.2.0 |
| Oracle | Banking Trade Finance | 14.5 |
| Oracle | Banking Treasury Management | 14.5 |
| Oracle | Flexcube Universal Banking | >= 14.0.0, <= 14.3.0 |
| Oracle | Outside In Technology | 8.5.5 |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 |
| Oracle | Retail Customer Management And Segmentation Foundation | 18.1 |
| Oracle | Communications Messaging Server | 8.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/06/12/2Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a
- https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e
- https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af442
- https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7
- https://lists.apache.org/thread.html/rd4b6db6c3b8ab3c70f1c3bbd725a40920896453ffc
- https://lists.apache.org/thread.html/re0cacd3fb337cdf8469853913ed2b4ddd8f8bfc52f
- https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f7140280Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f7140280Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/rf937c2236e6c79cdb99f76a70690dd345e53dbe070
- https://lists.apache.org/thread.html/rfe26bcaba564deb505c32711ba68df7ec589797dcd
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2021-31811?
CVE-2021-31811 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
How severe is CVE-2021-31811?
CVE-2021-31811 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31811?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Pdfbox, Fedoraproject Fedora, Oracle Banking Corporate Lending Process Management, Oracle Banking Credit Facilities Process Management, Oracle Banking Supply Chain Finance.