Vulnerability Name: CVE-2021-31811 (CCN-203615) Assigned: 2021-06-12 Published: 2021-06-12 Updated: 2022-07-25 Summary: In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-770 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2021-31811 [oss-security] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file apache-pdfbox-cve202131811-dos(203615) [ofbiz-notifications] 20210613 [jira] [Commented] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 [ofbiz-commits] 20210613 [ofbiz-framework] branch release17.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256) [ofbiz-commits] 20210613 [ofbiz-framework] branch trunk updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256) [ofbiz-notifications] 20210613 [jira] [Created] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 [ofbiz-notifications] 20210613 [jira] [Closed] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 [ofbiz-commits] 20210613 [ofbiz-framework] branch release18.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256) CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E [pdfbox-users] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file [announce] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file [ofbiz-notifications] 20210613 [jira] [Updated] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 FEDORA-2021-4a9ead5fff FEDORA-2021-3d94c14be4 Apache PDFBox CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file Multiple Apache PDFBox security vulnerabilities Watson Explorer is affected by Apache PDFBox vulnerabilities (CVE-2021-27807, CVE-2021-27906, CVE-2021-31811, CVE-2021-31812) Apache PDFBox Vulnerabilities Affect IBM Control Center (CVE-2021-31811, CVE-2021-31812) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox [All] Apache PDFBox (Publicly disclosed vulnerability) IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities IBM Watson Compare and Comply for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-31811, CVE-2021-31812) IBM Cognos Analytics has addressed multiple vulnerabilities Multiple security vulnerabilities with IBM FileNet Content Manager component in IBM Business Automation Workflow -CVE-2021-31811, CVE-2021-31812, CVE-2021-23926, CVE-2021-38965 IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965) N/A https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html N/A https://www.oracle.com/security-alerts/cpuoct2021.html Vulnerable Configuration: Configuration 1 :cpe:/a:apache:pdfbox:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.23)Configuration 2 :cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:* Configuration 3 :cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12) OR cpe:/a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.3.0) OR cpe:/a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:* OR cpe:/o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:* BACK
apache pdfbox *
fedoraproject fedora 33
fedoraproject fedora 34
oracle primavera unifier 18.8
oracle primavera unifier *
oracle flexcube universal banking *
oracle outside in technology 8.5.5
oracle primavera unifier 19.12
oracle primavera unifier 20.12
oracle banking credit facilities process management 14.3.0
oracle banking corporate lending process management 14.3.0
oracle communications messaging server 8.1
oracle banking supply chain finance 14.2.0
oracle banking credit facilities process management 14.2.0
oracle banking credit facilities process management 14.5.0
oracle banking corporate lending process management 14.2.0
oracle banking corporate lending process management 14.5.0
oracle banking supply chain finance 14.5.0
oracle banking supply chain finance 14.3.0
oracle retail customer management and segmentation foundation 18.1
oracle banking trade finance 14.5
oracle banking treasury management 14.5
oracle flexcube universal banking 14.5
Denotes that component is vulnerable