Posted to dev@tika.apache.org by "Shubhangi Raut (Jira)" <ji...@apache.org> on 2021/06/17 06:05:00 UTC

[jira] [Created] (TIKA-3448) Upgrade version for TPS: pdfbox to 2.0.24

Shubhangi Raut created TIKA-3448:
------------------------------------

             Summary: Upgrade version for TPS: pdfbox to 2.0.24
                 Key: TIKA-3448
                 URL: https://issues.apache.org/jira/browse/TIKA-3448
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.26, 1.25
            Reporter: Shubhangi Raut


The latest tika-bundle uses pdfbox version 2.0.23.

As per the National Vulnerability Database, pdfbox-2.0.23 and earlier have the following vulnerabilities:
 [CVE-2021-31811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811]: In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
 [CVE-2021-31812|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812]: In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

pdfbox-2.0.24 is the non-vulnerable version available right now, released on 10th June. Please consider upgrading to it in the upcoming release of tika-bundle.


