Org.apache.pdfbox:pdfbox
This hub aggregates every CVE we track for Org.apache.pdfbox:pdfbox, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 1
- High: 1
- In CISA KEV: 0
Severity distribution
- MEDIUM: 6
- HIGH: 1
- CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06; every month shown has a value of 0]
Latest CVEs
The 8 most recently published vulnerabilities affecting Org.apache.pdfbox:pdfbox.
- CVE-2021-31811 (score 5.5): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file.
- CVE-2021-31812 (score 5.5): A carefully crafted PDF file can trigger an infinite loop while loading the file.
- CVE-2021-27906 (score 5.5): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
- CVE-2021-27807 (score 5.5): A carefully crafted PDF file can trigger an infinite loop while loading the file.
- CVE-2019-0228 (score 9.8): Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
- CVE-2018-11797 (score 5.5): In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
- CVE-2018-8036 (score 6.5): In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
- CVE-2016-2175 (score 7.8): Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
Product normalization is registry-driven with AI assist and human review.