https://bugzilla.redhat.com/show_bug.cgi?id=1971648
Bug ID: 1971648
Summary: CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: aileenc@redhat.com, akoufoud@redhat.com, alazarot@redhat.com, almorale@redhat.com, anstephe@redhat.com, bibryam@redhat.com, chazlett@redhat.com, drieden@redhat.com, etirelli@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gvarsami@redhat.com, hbraun@redhat.com, ibek@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jochrist@redhat.com, jolee@redhat.com, jrokos@redhat.com, jschatte@redhat.com, jstastny@redhat.com, jwon@redhat.com, kconner@redhat.com, krathod@redhat.com, kverlaen@redhat.com, ldimaggi@redhat.com, mnovotny@redhat.com, nwallace@redhat.com, pantinor@redhat.com, pjindal@redhat.com, puntogil@libero.it, rhel8-maint@redhat.com, rrajasek@redhat.com, rwagner@redhat.com, sergio@serjux.com, tcunning@redhat.com, tkirby@redhat.com, tzimanyi@redhat.com
Target Milestone: ---
Classification: Other
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
References:
https://www.openwall.com/lists/oss-security/2021/06/12/2
https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f714...
Guilherme de Almeida Suckevicz <gsuckevi@redhat.com> changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1971649
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1971649
[Bug 1971649] CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file [fedora-all]
--- Comment #1 from Guilherme de Almeida Suckevicz <gsuckevi@redhat.com> ---
Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1971649]
Guilherme de Almeida Suckevicz <gsuckevi@redhat.com> changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1971661
Bug 1971648 depends on bug 1971649, which changed state.
Bug 1971649 Summary: CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1971649
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #2 from Jonathan Christison <jochrist@redhat.com> ---
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Fuse 6
* Red Hat JBoss BRMS 5
* Red Hat JBoss BRMS 6
* Red Hat JBoss Data Virtualization 6
* Red Hat JBoss Fuse Service Works
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
--- Comment #5 from errata-xmlrpc <errata-xmlrpc@redhat.com> ---
This issue has been addressed in the following products:
Red Hat Integration
Via RHSA-2021:3205 https://access.redhat.com/errata/RHSA-2021:3205
errata-xmlrpc <errata-xmlrpc@redhat.com> changed:
What    |Removed |Added
----------------------------------------------------------------------------
Link ID |        |Red Hat Product Errata
        |        |RHSA-2021:3205
Product Security DevOps Team <prodsec-dev@redhat.com> changed:
What        |Removed |Added
----------------------------------------------------------------------------
Resolution  |---     |ERRATA
Status      |NEW     |CLOSED
Last Closed |        |2021-08-18 13:28:26
--- Comment #6 from Product Security DevOps Team <prodsec-dev@redhat.com> ---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-31811