CVE-2021-27807
Description
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVSSv2.0 Score
- Severity: Medium
- Base Score: 4.3/10
- Exploit Score: 8.6/10
- Access Vector: Network
- Access Complexity: Medium
- Authentication Required: None
- Impact Score: 2.9/10
- Confidentiality Impact: None
- Availability Impact: Partial
- Integrity Impact: None
CVSSv3.1 Score
- Severity: Medium
- Base Score: 5.5/10
- Exploit Score: 1.8/10
- Access Vector: Local
- Access Complexity: Low
- Privileges Required: None
- Impact Score: 3.6/10
- Confidentiality Impact: None
- Availability Impact: High
- Integrity Impact: None
- Scope: Unchanged
- User Interaction: Required
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:* | Yes | 2.0.0 | - |
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* | Yes | 17.7 | - |
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* | Yes | 14.0.0 | - |
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_customer_management_and_segmentation | Yes | - | - |
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:* | Yes | - | - |
cpe:2.3:a:oracle:banking_trade_finance_process_management:14 | Yes | - | - |
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.6.0:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:* | Yes | - | - |
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:* | Yes | - | - |
cpe:2.3:a:oracle:banking_trade_finance_process_management:14 | Yes | - | - |
cpe:2.3:a:oracle:communications_session_report_manager:*:*:* | Yes | 8.0.0 | - |
cpe:2.3:a:oracle:banking_trade_finance_process_management:14 | Yes | - | - |
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*: | Yes | - | 11.2.8.0 |
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:*:*:*:*:* | Yes | - | - |
References
- https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398b
- http://www.openwall.com/lists/oss-security/2021/03/19/9
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fb
- https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792db
- https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3d
- https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce864
- https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac6795668
- https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba1
- https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd
- https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd47
- https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133ad
- https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34b
- https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7b
- https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69