Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2021-31812

Low priority
Needs evaluation

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpdfbox2-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2021-31811

Low priority
Needs evaluation

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpdfbox2-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2021-27906

Medium priority
Vulnerable

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpdfbox2-java Needs evaluation Needs evaluation Vulnerable Vulnerable Not in release
Show less packages

CVE-2021-27807

Medium priority
Vulnerable

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpdfbox2-java Needs evaluation Needs evaluation Vulnerable Vulnerable Not in release
Show less packages

CVE-2019-0228

Medium priority
Not affected

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Not affected Not affected
libpdfbox2-java Not affected Not in release
Show less packages

CVE-2018-11797

Medium priority

Some fixes available 4 of 5

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Not affected Not affected Not affected Fixed Vulnerable
libpdfbox2-java Not affected Not affected Not affected Fixed Not in release
Show less packages

CVE-2018-8036

Low priority

Some fixes available 2 of 5

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

2 affected packages

libpdfbox-java, libpdfbox2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Not affected Not affected Not affected Fixed Vulnerable
libpdfbox2-java Not affected Not affected Not affected Fixed Not in release
Show less packages

CVE-2016-2175

Medium priority

Some fixes available 1 of 3

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

1 affected packages

libpdfbox-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpdfbox-java Not affected Not affected Not affected Not affected Vulnerable
Show less packages