apache pdfbox 过度迭代

admin

0
文章

0
评论

2023-12-01 15:41:14 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 apache pdfbox 过度迭代

CVE编号

CVE-2021-27807

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-03-20

漏洞描述

Apache PDFBox是美国阿帕奇（Apache）基金会的一款基于Java语言的开源工具库。该产品提供PDF文档创建和编辑等功能。 Apache PDFBox存在安全漏洞，该漏洞源于一个精心制作的PDF文件可以在加载文件时触发无限循环。目前没有详细的漏洞细节提供。

解决建议

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：https://lists.apache.org/

参考链接
http://www.openwall.com/lists/oss-security/2021/03/19/9
https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb81675376...
https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab...
https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568...
https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2...
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f633...
https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf7...
https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d3045...
https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b...
https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99b...
https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d388...
https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b823...
https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6...
https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a56...
https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f3613...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	apache	pdfbox	*	From (including) 2.0.0	Up to (including) 2.0.22
	运行在以下环境
	系统	debian_10	libpdfbox-java	*		Up to (excluding) 1.8.16-2
	运行在以下环境
	系统	debian_11	libpdfbox-java	*		Up to (excluding) 1.8.16-2
	运行在以下环境
	系统	debian_12	libpdfbox-java	*		Up to (excluding) 1.8.16-2
	运行在以下环境
	系统	debian_9	libpdfbox-java	*		Up to (including) 1.8.12-1
	运行在以下环境
	系统	debian_sid	libpdfbox-java	*		Up to (excluding) 1.8.16-4
	运行在以下环境
	系统	fedora_32	pdfbox-reactor	*		Up to (excluding) 2.0.23-1.fc32
	运行在以下环境
	系统	fedora_33	pdfbox-reactor	*		Up to (excluding) 2.0.23-1.fc33
	运行在以下环境
	系统	fedora_34	xmpbox	*		Up to (excluding) 2.0.23-1.fc34