[
https://issues.apache.org/jira/browse/TIKA-3448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison resolved TIKA-3448.
-------------------------------
Fix Version/s: 1.27
Resolution: Fixed
Thank you for opening this issue. We've already upgraded, and we'll likely cut
a release for 1.27 in the next few weeks.
> Upgrade version for TPS: pdfbox to 2.0.24
> -----------------------------------------
>
> Key: TIKA-3448
> URL: https://issues.apache.org/jira/browse/TIKA-3448
> Project: Tika
> Issue Type: Bug
> Affects Versions: 1.25, 1.26
> Reporter: Shubhangi Raut
> Priority: Major
> Fix For: 1.27
>
>
> Latest tika-bundle uses pdfbox version 2.0.23.
> As per National Vulnerability Database, pdfbox-2.0.23 and earlier have
> following vulnerabilities:
>
> [CVE-2021-31811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811]:
> In Apache PDFBox, a carefully crafted PDF file can trigger an
> OutOfMemory-Exception while loading the file. This issue affects Apache
> PDFBox version 2.0.23 and prior 2.0.x versions.
>
> [CVE-2021-31812|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812]:
> In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop
> while loading the file. This issue affects Apache PDFBox version 2.0.23 and
> prior 2.0.x versions.
> pdfbox-2.0.24 is non-vulnerable version available right now, released on 10th
> June. Please consider upgrading to it in upcoming release of tika-bundle.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
