Posted to dev@tika.apache.org by "Shubhangi Raut (Jira)" <ji...@apache.org> on 2021/06/17 06:05:00 UTC
[jira] [Created] (TIKA-3448) Upgrade version for TPS: pdfbox to 2.0.24
Shubhangi Raut created TIKA-3448:
------------------------------------
Summary: Upgrade version for TPS: pdfbox to 2.0.24
Key: TIKA-3448
URL: https://issues.apache.org/jira/browse/TIKA-3448
Project: Tika
Issue Type: Bug
Affects Versions: 1.26, 1.25
Reporter: Shubhangi Raut
The latest tika-bundle uses pdfbox version 2.0.23.
As per the National Vulnerability Database, pdfbox-2.0.23 and earlier have the following vulnerabilities:
[CVE-2021-31811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811]: In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
[CVE-2021-31812|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812]: In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
pdfbox-2.0.24 is a non-vulnerable version available right now, released on 10th June. Please consider upgrading to it in the upcoming release of tika-bundle.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
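Added example (not part of the original Jira message or of Tika's code): a check that reads `mvn dependency:tree` output and flags `org.apache.pdfbox:pdfbox` in the 2.0.x line below 2.0.24, the range the issue cites for CVE-2021-31811 and CVE-2021-31812. The sample tree is constructed and the function names are hypothetical.

```python
import re

FIXED_PATCH = 24  # 2.0.24 is the fixed release named in the issue
# Strips "[INFO]" and the tree-drawing characters Maven prints before a coordinate.
TREE_PREFIX = re.compile(r"^(?:\[INFO\]\s*)?[\s|+\\-]*")

def parse_coordinate(line):
    """Return (group, artifact, version) for a dependency line, else None."""
    parts = TREE_PREFIX.sub("", line.strip()).split(":")
    if len(parts) == 5:    # group:artifact:type:version:scope
        return parts[0], parts[1], parts[3]
    if len(parts) == 6:    # group:artifact:type:classifier:version:scope
        return parts[0], parts[1], parts[4]
    return None            # root project line, plugin banners, etc.

def is_affected(version):
    """True for 2.0.x below 2.0.24; None if the version cannot be parsed."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    # Compare numerically so that 2.0.9 sorts below 2.0.24.
    return (major, minor) == (2, 0) and patch < FIXED_PATCH

def find_affected(lines):
    """List 'group:artifact:version' for each affected pdfbox entry."""
    hits = []
    for line in lines:
        coord = parse_coordinate(line)
        if coord and coord[:2] == ("org.apache.pdfbox", "pdfbox"):
            if is_affected(coord[2]):
                hits.append(":".join(coord))
    return hits

# Constructed sample of `mvn dependency:tree` output, not taken from a real build.
SAMPLE = r"""
[INFO] org.apache.tika:tika-bundle:bundle:1.26
[INFO] +- org.apache.tika:tika-parsers:jar:1.26:compile
[INFO] |  +- org.apache.pdfbox:pdfbox:jar:2.0.23:compile
[INFO] |  |  \- org.apache.pdfbox:fontbox:jar:2.0.23:compile
[INFO] |  \- org.apache.pdfbox:jempbox:jar:1.8.16:compile
"""

if __name__ == "__main__":
    for hit in find_affected(SAMPLE.splitlines()):
        print("affected:", hit)
```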