A vulnerability, which was classified as problematic, was found in Apache PDFbox up to 2.0.23. This affects some unknown processing of the component PDF File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8 CVSS Vector- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.
Vulnerable software versions
PDFBox: 2.0, 2.0.0, 2.0.0 RC1, 2.0.0 RC2, 2.0.0 RC3, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23
Install updates from vendor’s website.