https://bugzilla.redhat.com/show_bug.cgi?id=1971658
Bug ID: 1971658
Summary: CVE-2021-31812 pdfbox: infinite loop while loading a crafted PDF file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: aileenc@redhat.com, akoufoud@redhat.com, alazarot@redhat.com, almorale@redhat.com, anstephe@redhat.com, bibryam@redhat.com, chazlett@redhat.com, drieden@redhat.com, etirelli@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gvarsami@redhat.com, hbraun@redhat.com, ibek@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jochrist@redhat.com, jolee@redhat.com, jrokos@redhat.com, jschatte@redhat.com, jstastny@redhat.com, jwon@redhat.com, kconner@redhat.com, krathod@redhat.com, kverlaen@redhat.com, ldimaggi@redhat.com, mnovotny@redhat.com, nwallace@redhat.com, pantinor@redhat.com, pjindal@redhat.com, puntogil@libero.it, rhel8-maint@redhat.com, rrajasek@redhat.com, rwagner@redhat.com, sergio@serjux.com, tcunning@redhat.com, tkirby@redhat.com, tzimanyi@redhat.com
Target Milestone: ---
Classification: Other
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
References:
https://www.openwall.com/lists/oss-security/2021/06/12/1
https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004...
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What        | Removed | Added
------------+---------+--------
Depends On  |         | 1971659
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1971659 [Bug 1971659] CVE-2021-31812 pdfbox: infinite loop while loading a crafted PDF file [fedora-all]
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1971659]
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What        | Removed | Added
------------+---------+--------
Blocks      |         | 1971661
Bug 1971658 depends on bug 1971659, which changed state.
Bug 1971659 Summary: CVE-2021-31812 pdfbox: infinite loop while loading a crafted PDF file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1971659
What        | Removed | Added
------------+---------+--------
Status      | ON_QA   | CLOSED
Resolution  | ---     | ERRATA
--- Comment #2 from Jonathan Christison jochrist@redhat.com --- This vulnerability is out of security support scope for the following products:
* Red Hat JBoss BRMS 6
* Red Hat JBoss BPMS 6
* Red Hat JBoss Data Virtualization 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
--- Comment #3 from Jonathan Christison jochrist@redhat.com --- Fixing commit: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b...
Jonathan Christison jochrist@redhat.com changed:
What             | Removed | Added
-----------------+---------+---------------
Fixed In Version |         | pdfbox-2.0.24
--- Comment #7 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Integration
Via RHSA-2021:4918 https://access.redhat.com/errata/RHSA-2021:4918
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What        | Removed | Added
------------+---------+------------------------
Link ID     |         | Red Hat Product Errata RHSA-2021:4918
--- Comment #8 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-31812
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        | Removed | Added
------------+---------+---------------------
Resolution  | ---     | ERRATA
Status      | NEW     | CLOSED
Last Closed |         | 2021-12-02 16:38:46