A vulnerability, which was classified as problematic, was found in Apache PDFbox up to 2.0.23. This affects some unknown processing of the component PDF File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8 CVSS Vector- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.
Vulnerable software versions
PDFBox: 2.0, 2.0.0, 2.0.0 RC1, 2.0.0 RC2, 2.0.0 RC3, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23
Basic Matrices
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | None |
| User Interaction: | Required |
| Scope: | Unchanged |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software | PDFBox |
| Vendor | Apache Foundation |
CIA Impact
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | HIGH |
| Risk: | Medium |
Mitigation
Install updates from vendor’s website.
