CVE-2021-27807

Published: Mar 19, 2021

Modified: Feb 13, 2025

PUBLISHED

Description

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Vendor	Product	Versions
Apache Software Foundation	Apache PDFBox	affected `Apache PDFBox - <= 2.0.22`

Weaknesses (CWE)

CWE-834

References

https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb%40%3Cusers.pdfbox.apache.org%3E

x_refsource_MISC

[pdfbox-users] 20210319 CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file

mailing-list

x_refsource_MLIST

[oss-security] 20210319 CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file

mailing-list

x_refsource_MLIST

[pdfbox-users] 20210320 CVE-2021-27807: Apache PDFBox: a carefully crafted PDF file can trigger an infinite loop while loading the file

mailing-list

x_refsource_MLIST

[announce] 20210320 CVE-2021-27807: Apache PDFBox: a carefully crafted PDF file can trigger an infinite loop while loading the file

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210321 [ofbiz-framework] branch trunk updated: Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210321 [jira] [Created] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210321 [jira] [Commented] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210321 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210321 [ofbiz-framework] branch release17.12 updated: Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210321 [jira] [Closed] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210321 [ofbiz-framework] branch release18.12 updated: Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)

mailing-list

x_refsource_MLIST

[pdfbox-dev] 20210322 OSS-Fuzz integration

mailing-list

x_refsource_MLIST

FEDORA-2021-93469e0030

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-8b17a2725e

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-dc83ae690a

vendor-advisory

x_refsource_FEDORA

[ofbiz-notifications] 20210405 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

mailing-list

x_refsource_MLIST

[james-notifications] 20210501 [GitHub] [james-project] chibenwa opened a new pull request #414: [UPGRADE] Adopt Apache Tika 1.26

mailing-list

x_refsource_MLIST

[pdfbox-dev] 20210518 CVE's

mailing-list

x_refsource_MLIST

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-27807

Description

Affected Products

Weaknesses (CWE)

References