Vulnerabilities > CVE-2021-27807 - Excessive Iteration vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-03-19

Updated: 2023-11-07

Summary

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Pdfbox 2.0.0 Apache Pdfbox 2.0.1 Apache Pdfbox 2.0.2 Apache Pdfbox 2.0.3 Apache Pdfbox 2.0.4 Apache Pdfbox 2.0.5 Apache Pdfbox 2.0.6 Apache Pdfbox 2.0.7 Apache Pdfbox 2.0.8 Apache Pdfbox 2.0.9 Apache Pdfbox 2.0.10 Apache Pdfbox 2.0.11 Apache Pdfbox 2.0.14 Apache Pdfbox 2.0.15 Apache Pdfbox 2.0.16 Apache Pdfbox 2.0.17 Apache Pdfbox 2.0.18 Apache Pdfbox 2.0.19 Apache Pdfbox 2.0.20 Apache Pdfbox 2.0.21 Apache Pdfbox 2.0.22	24
Application	Oracle Oracle Hyperion Financial Reporting 11.1.2.4 Oracle Hyperion Financial Reporting 11.2.6.0 Oracle Webcenter Sites 12.2.1.3.0 Oracle Webcenter Sites 12.2.1.4.0 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 19.12 Oracle Primavera Unifier 20.12 Oracle Flexcube Universal Banking 14.0.0 Oracle Flexcube Universal Banking 14.1.0 Oracle Flexcube Universal Banking 14.2.0 Oracle Flexcube Universal Banking 14.3.0 Oracle Flexcube Universal Banking 14.5.0 Oracle Outside IN Technology 8.5.5 Oracle Retail Customer Management AND Segmentation Foundation 19.0 Oracle Banking Virtual Account Management 14.3.0 Oracle Banking Virtual Account Management 14.2.0 Oracle Banking Virtual Account Management 14.5.0 Oracle Banking Trade Finance Process Management 14.3.0 Oracle Banking Trade Finance Process Management 14.5.0 Oracle Banking Trade Finance Process Management 14.2.0 Oracle Retail Xstore Point OF Service 16.0.6 Oracle Retail Xstore Point OF Service 17.0.4 Oracle Retail Xstore Point OF Service 18.0.3 Oracle Retail Xstore Point OF Service 19.0.2 Oracle Retail Xstore Point OF Service 20.0.1 Oracle Communications Session Report Manager 8.0.0 Oracle Communications Session Report Manager 8.0.0.0 Oracle Communications Session Report Manager 8.1.0 Oracle Communications Session Report Manager 8.1.1 Oracle Communications Session Report Manager 8.2.0 Oracle Communications Session Report Manager 8.2.1 Oracle Communications Session Report Manager 8.2.2 Oracle Communications Session Report Manager 8.2.2.1 Oracle Communications Session Report Manager 8.2.4.0 Oracle Hyperion Infrastructure Technology 11.1.2.4 Oracle Hyperion Infrastructure Technology 11.1.2.6.0 Oracle Hyperion Infrastructure Technology 11.2.5.0 Oracle Hyperion Infrastructure Technology 11.2.6.0 Oracle Hyperion Infrastructure Technology 11.2.7.0 Oracle Banking Treasury Management 14.5	46
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34	3
OS	Oracle Oracle Communications Messaging Server 8.1	1

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References