Bug 65405 - infinite loop in dependent library - pdfbox
Summary: infinite loop in dependent library - pdfbox
Status: NEW
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall
Version: 5.0.0-FINAL
Hardware: PC Linux
Importance: P2 major
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-28 16:02 UTC by azamat.muminov
Modified: 2021-06-28 16:45 UTC

Description azamat.muminov 2021-06-28 16:02:08 UTC
WhiteSource flagged 2 issues related to a dependent library of batik-all - org.apache.pdfbox/pdfbox version 2.0.22:

1. A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

2. A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Suggested fix: Upgrade to version org.apache.pdfbox:pdfbox:2.0.23
Comment 1 PJ Fanning 2021-06-28 16:45:33 UTC
I've upgraded the pdfbox jars used in our build: https://github.com/apache/poi/commit/212863741fc4790259d345a70608d25cec31a4d6