GHSA-2h3j-m7gr-25xj

Suggest an improvement
Source
https://github.com/advisories/GHSA-2h3j-m7gr-25xj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-2h3j-m7gr-25xj/GHSA-2h3j-m7gr-25xj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2h3j-m7gr-25xj
Aliases
Published
2021-06-16T17:56:46Z
Modified
2024-03-15T05:17:16.776669Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Excessive Iteration Denial of Service in Apache PDFBox
Details

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Database specific
{
    "nvd_published_at": "2021-03-19T16:15:00Z",
    "cwe_ids": [
        "CWE-834"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T18:45:15Z"
}
References

Affected packages

Maven / org.apache.pdfbox:pdfbox

Package

Name
org.apache.pdfbox:pdfbox
View open source insights on deps.dev
Purl
pkg:maven/org.apache.pdfbox/pdfbox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.23

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22