CVE-2021-27906

moderate-risk

Published 2021-03-19

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Do I need to act?

0.65% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Pdfbox

Fedora

Banking Corporate Lending Process Management

Banking Credit Facilities Process Management

Banking Supply Chain Finance

Banking Trade Finance Process Management

Banking Treasury Management

Banking Virtual Account Management

Affected Vendors

Apache Oracle Fedoraproject

References (44)

Mailing List http://www.openwall.com/lists/oss-security/2021/03/19/10

https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266...

https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c77...

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a...

https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d6...

https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd...

https://lists.apache.org/thread.html/r64982b768c8a2220b07aaf813bd099a9863de0d13e...

https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a8...

https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3...

https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b823290...

https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35...

https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c...

https://lists.apache.org/thread.html/rdf78aef4793362e778e21e34328b0456e302bde4b7...

https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133ca...

Mailing List https://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc651...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Patch https://www.oracle.com//security-alerts/cpujul2021.html

and 24 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 24/34 · High