https://bugzilla.redhat.com/show_bug.cgi?id=1941055
Bug ID: 1941055
Summary: CVE-2021-27807 pdfbox: infinite loop while loading crafted PDF file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: aileenc@redhat.com, akoufoud@redhat.com, alazarot@redhat.com, almorale@redhat.com, anstephe@redhat.com, bibryam@redhat.com, chazlett@redhat.com, drieden@redhat.com, etirelli@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gvarsami@redhat.com, hbraun@redhat.com, ibek@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jochrist@redhat.com, jolee@redhat.com, jschatte@redhat.com, jstastny@redhat.com, jwon@redhat.com, kconner@redhat.com, krathod@redhat.com, kverlaen@redhat.com, ldimaggi@redhat.com, mnovotny@redhat.com, nwallace@redhat.com, pantinor@redhat.com, pjindal@redhat.com, puntogil@libero.it, rhel8-maint@redhat.com, rrajasek@redhat.com, rsynek@redhat.com, rwagner@redhat.com, sdaley@redhat.com, sergio@serjux.com, tcunning@redhat.com, tkirby@redhat.com
Target Milestone: ---
Classification: Other
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
References:
https://www.openwall.com/lists/oss-security/2021/03/19/9
https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d38...
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What       | Removed | Added
-----------|---------|--------
Depends On |         | 1941056
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1941056 [Bug 1941056] CVE-2021-27807 pdfbox: infinite loop while loading crafted PDF file [fedora-all]
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1941056]
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What    | Removed                                                           | Added
--------|-------------------------------------------------------------------|--------------------------------------------------------------------
Summary | CVE-2021-27807 pdfbox: infinite loop while loading crafted PDF file | CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What   | Removed | Added
-------|---------|--------
Blocks |         | 1941059
--- Comment #3 from Fedora Update System updates@fedoraproject.org --- FEDORA-2021-93469e0030 has been pushed to the Fedora 34 stable repository. If the problem still persists, please make note of it in this bug report.
--- Comment #4 from Fedora Update System updates@fedoraproject.org --- FEDORA-2021-dc83ae690a has been pushed to the Fedora 32 stable repository. If the problem still persists, please make note of it in this bug report.
--- Comment #5 from Fedora Update System updates@fedoraproject.org --- FEDORA-2021-8b17a2725e has been pushed to the Fedora 33 stable repository. If the problem still persists, please make note of it in this bug report.
Jonathan Christison jochrist@redhat.com changed:
What             | Removed | Added
-----------------|---------|--------------
Fixed In Version |         | pdfbox-2.0.23
--- Comment #8 from Jonathan Christison jochrist@redhat.com --- This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Fuse 6
* Red Hat JBoss Fuse Service Works 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Bug 1941055 depends on bug 1941056, which changed state.
Bug 1941056 Summary: CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1941056
What       | Removed | Added
-----------|---------|-------
Status     | ON_QA   | CLOSED
Resolution | ---     | ERRATA
--- Comment #10 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Fuse 7.9
Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What    | Removed | Added
--------|---------|-------------------------------------
Link ID |         | Red Hat Product Errata RHSA-2021:3140
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        | Removed | Added
------------|---------|--------------------
Resolution  | ---     | ERRATA
Status      | NEW     | CLOSED
Last Closed |         | 2021-08-11 19:29:06
--- Comment #11 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-27807
--- Comment #12 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Integration
Via RHSA-2021:3205 https://access.redhat.com/errata/RHSA-2021:3205
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What    | Removed | Added
--------|---------|-------------------------------------
Link ID |         | Red Hat Product Errata RHSA-2021:3205