Source: libpdfbox2-java Version: 2.0.23-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: clone -1 -2 Control: reassign -2 src:libpdfbox-java 1:1.8.16-2 Control: retitle -2 libpdfbox-java: CVE-2021-31811 CVE-2021-31812
Hi, The following vulnerabilities were published for libpdfbox2-java. CVE-2021-31811[0]: | In Apache PDFBox, a carefully crafted PDF file can trigger an | OutOfMemory-Exception while loading the file. This issue affects | Apache PDFBox version 2.0.23 and prior 2.0.x versions. CVE-2021-31812[1]: | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite | loop while loading the file. This issue affects Apache PDFBox version | 2.0.23 and prior 2.0.x versions. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31811 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811 [1] https://security-tracker.debian.org/tracker/CVE-2021-31812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812 Please adjust the affected versions in the BTS as needed. Regards, Salvatore