Vulnerabilities > CVE-2021-31812 - Infinite Loop vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-06-12

Updated: 2023-11-07

Summary

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Pdfbox 2.0.0 Apache Pdfbox 2.0.1 Apache Pdfbox 2.0.2 Apache Pdfbox 2.0.3 Apache Pdfbox 2.0.4 Apache Pdfbox 2.0.5 Apache Pdfbox 2.0.6 Apache Pdfbox 2.0.7 Apache Pdfbox 2.0.8 Apache Pdfbox 2.0.9 Apache Pdfbox 2.0.10 Apache Pdfbox 2.0.11 Apache Pdfbox 2.0.14 Apache Pdfbox 2.0.15 Apache Pdfbox 2.0.16 Apache Pdfbox 2.0.17 Apache Pdfbox 2.0.18 Apache Pdfbox 2.0.19 Apache Pdfbox 2.0.20 Apache Pdfbox 2.0.21 Apache Pdfbox 2.0.22 Apache Pdfbox 2.0.23	25
Application	Oracle Oracle Banking Credit Facilities Process Management 14.3.0 Oracle Banking Credit Facilities Process Management 14.2.0 Oracle Banking Credit Facilities Process Management 14.5.0 Oracle Banking Corporate Lending Process Management 14.3.0 Oracle Banking Corporate Lending Process Management 14.2.0 Oracle Banking Corporate Lending Process Management 14.5.0 Oracle Banking Supply Chain Finance 14.2.0 Oracle Banking Supply Chain Finance 14.5.0 Oracle Banking Supply Chain Finance 14.3.0 Oracle Retail Customer Management AND Segmentation Foundation 18.1	10
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2
OS	Oracle Oracle Communications Messaging Server 8.1	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References