An update for pdfbox is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1256 Final 1.0 1.0 2021-07-03 Initial 2021-07-03 2021-07-03 openEuler SA Tool V1.0 2021-07-03 pdfbox security update An update for pdfbox is now available for openEuler-20.03-LTS-SP1. Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0. Security Fix(es): In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.(CVE-2021-31811) In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.(CVE-2021-31812) An update for pdfbox is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium pdfbox https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1256 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-31811 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-31812 https://nvd.nist.gov/vuln/detail/CVE-2021-31811 https://nvd.nist.gov/vuln/detail/CVE-2021-31812 openEuler-20.03-LTS-SP1 xmpbox-2.0.24-1.oe1.noarch.rpm fontbox-2.0.24-1.oe1.noarch.rpm pdfbox-2.0.24-1.oe1.noarch.rpm preflight-2.0.24-1.oe1.noarch.rpm pdfbox-javadoc-2.0.24-1.oe1.noarch.rpm pdfbox-debugger-2.0.24-1.oe1.noarch.rpm pdfbox-reactor-2.0.24-1.oe1.noarch.rpm pdfbox-parent-2.0.24-1.oe1.noarch.rpm pdfbox-tools-2.0.24-1.oe1.noarch.rpm pdfbox-2.0.24-1.oe1.src.rpm In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-07-03 CVE-2021-31811 openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H pdfbox security update 2021-07-03 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1256 In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-07-03 CVE-2021-31812 openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H pdfbox security update 2021-07-03 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1256