{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"pdfbox security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for pdfbox is now available for openEuler-20.03-LTS-SP1.",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0.\n\nSecurity Fix(es):\n\nIn Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. (CVE-2021-31811)\n\nIn Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. (CVE-2021-31812)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for pdfbox is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"pdfbox",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2021-1256",
				"category":"self",
				"url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1256"
			},
			{
				"summary":"CVE-2021-31811",
				"category":"self",
				"url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-31811&packageName=pdfbox"
			},
			{
				"summary":"CVE-2021-31812",
				"category":"self",
				"url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-31812&packageName=pdfbox"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31811"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31812"
			},
			{
				"summary":"openEuler-SA-2021-1256 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2021/csaf-openeuler-sa-2021-1256.json"
			}
		],
		"title":"An update for pdfbox is now available for openEuler-20.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2021-07-03T09:21:01+08:00",
			"revision_history":[
				{
					"date":"2021-07-03T09:21:01+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T09:21:01+08:00",
					"summary":"final",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T09:21:01+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T09:21:01+08:00",
			"id":"openEuler-SA-2021-1256",
			"version":"2.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"openEuler-20.03-LTS-SP1",
									"name":"openEuler-20.03-LTS-SP1"
								},
								"name":"openEuler-20.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"xmpbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"xmpbox-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"xmpbox-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"fontbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"fontbox-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"fontbox-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"preflight-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"preflight-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"preflight-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-javadoc-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-javadoc-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-javadoc-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-debugger-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-debugger-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-debugger-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-reactor-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-reactor-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-reactor-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-parent-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-parent-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-parent-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-tools-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-tools-2.0.24-1.oe1.noarch.rpm"
								},
								"name":"pdfbox-tools-2.0.24-1.oe1.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1"
									},
									"product_id":"pdfbox-2.0.24-1.oe1.src.rpm(20.03-LTS-SP1)",
									"name":"pdfbox-2.0.24-1.oe1.src.rpm"
								},
								"name":"pdfbox-2.0.24-1.oe1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"xmpbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
					"name":"xmpbox-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"fontbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
					"name":"fontbox-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
					"name":"pdfbox-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"preflight-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
					"name":"preflight-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-javadoc-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
					"name":"pdfbox-javadoc-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-debugger-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
					"name":"pdfbox-debugger-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-reactor-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
					"name":"pdfbox-reactor-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-parent-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
					"name":"pdfbox-parent-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-tools-2.0.24-1.oe1.noarch.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
					"name":"pdfbox-tools-2.0.24-1.oe1.noarch as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP1",
				"product_reference":"pdfbox-2.0.24-1.oe1.src.rpm(20.03-LTS-SP1)",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src",
					"name":"pdfbox-2.0.24-1.oe1.src as a component of openEuler-20.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2021-31811",
			"notes":[
				{
					"text":"In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
					],
					"details":"pdfbox security update",
					"category":"vendor_fix",
					"url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1256"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.5,
						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2021-31811"
		},
		{
			"cve":"CVE-2021-31812",
			"notes":[
				{
					"text":"In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
					"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
					],
					"details":"pdfbox security update",
					"category":"vendor_fix",
					"url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1256"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.5,
						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP1:xmpbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:fontbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:preflight-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-javadoc-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-debugger-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-reactor-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-parent-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-tools-2.0.24-1.oe1.noarch",
						"openEuler-20.03-LTS-SP1:pdfbox-2.0.24-1.oe1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2021-31812"
		}
	]
}