WhiteSource flagged 2 issues related to a dependent library of batik-all - org.apache.pdfbox/pdfbox version 2.0.22:

1. A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
2. A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Suggested fix: Upgrade to version org.apache.pdfbox:pdfbox:2.0.23

I've upgraded the pdfbox jars used in our build: https://github.com/apache/poi/commit/212863741fc4790259d345a70608d25cec31a4d6