Apache PDFbox up to 2.0.23 PDF File infinite loop [CVE-2021-31812]

A vulnerability, which was classified as problematic, was found in Apache PDFbox up to 2.0.23. This affects some unknown processing of the component PDF File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

  Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8 
CVSS Vector- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Vulnerable software versions

PDFBox: 2.0, 2.0.0, 2.0.0 RC1, 2.0.0 RC2, 2.0.0 RC3, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23

Basic Matrices

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope:  Unchanged
Exploitation vector Network
Public exploit N/A
Vulnerable software PDFBox
Vendor Apache Foundation

CIA Impact 

Confidentiality Impact: None
Integrity Impact: None
Availability Impact: HIGH
Risk: Medium

  Mitigation

Install updates from vendor’s website.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an