[OFBIZ-12256] Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: Release Branch 17.12, 18.12.01
Component/s: framework/security
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-31812: a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jun/21 06:53

Updated:: 13/Jun/21 07:24

Resolved:: 13/Jun/21 07:21