65405 – infinite loop in dependent library - pdfbox

Bug 65405 - infinite loop in dependent library - pdfbox

Summary: infinite loop in dependent library - pdfbox

Status:	NEW

Alias:	None

Product:	POI
Classification:	Unclassified
Component:	POI Overall (show other bugs)
Version:	5.0.0-FINAL
Hardware:	PC Linux

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	POI Developers List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-06-28 16:02 UTC by azamat.muminov
Modified:	2021-06-28 16:45 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description azamat.muminov 2021-06-28 16:02:08 UTC

White source flagged 2 issues related to dependent library of batik-all - org.apache.pdfbox/pdfbox version 2.0.22:

1. A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

2. A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Suggested fix: Upgrade to version org.apache.pdfbox:pdfbox:2.0.23

Comment 1 PJ Fanning 2021-06-28 16:45:33 UTC

I've upgraded the pdfbox jars used in our build https://github.com/apache/poi/commit/212863741fc4790259d345a70608d25cec31a4d6