[Bugs] [Bug 13295] New: [CVE 21] pdfbox 2.0.19 CVEs found

bugzilla bugzilla на rosalinux.ru
Ср Май 3 17:01:45 MSK 2023 

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13295

          Platform: 2021.1
            Bug ID: 13295
           Summary: [CVE 21] pdfbox 2.0.19  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2021-27807, CVE-2021-27906, CVE-2021-31811,
                    CVE-2021-31812,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package pdfbox version 2.0.19

INFO (CVEs are): pdfbox 2.0.19
 cves found
CVE-2021-27807
Desc: A carefully crafted PDF file can trigger an infinite loop while loading
the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x
versions.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-27807
Severity: MEDIUM
CVE-2021-27906
Desc: A carefully crafted PDF file can trigger an OutOfMemory-Exception while
loading the file. This issue affects Apache PDFBox version 2.0.22 and prior
2.0.x versions.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-27906
Severity: MEDIUM
CVE-2021-31811
Desc: In Apache PDFBox, a carefully crafted PDF file can trigger an
OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox
version 2.0.23 and prior 2.0.x versions.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-31811
Severity: MEDIUM
CVE-2021-31812
Desc: In Apache PDFBox, a carefully crafted PDF file can trigger an infinite
loop while loading the file. This issue affects Apache PDFBox version 2.0.23
and prior 2.0.x versions.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-31812
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/4b222135/attachment.html>

Подробная информация о списке рассылки Bugs