In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
References:
https://www.openwall.com/lists/oss-security/2021/06/12/1
https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E
Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1971659]
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss BRMS 6
* Red Hat JBoss BPMS 6
* Red Hat JBoss Data Virtualization 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Fixing commit: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
This issue has been addressed in the following products:
Red Hat Integration
Via RHSA-2021:4918 https://access.redhat.com/errata/RHSA-2021:4918
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-31812