Shubhangi Raut created TIKA-3448:
------------------------------------

             Summary: Upgrade version for TPS: pdfbox to 2.0.24
                 Key: TIKA-3448
                 URL: https://issues.apache.org/jira/browse/TIKA-3448
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.26, 1.25
            Reporter: Shubhangi Raut


The latest tika-bundle uses pdfbox version 2.0.23.

As per the National Vulnerability Database, pdfbox-2.0.23 and earlier have the 
following vulnerabilities:
 
[CVE-2021-31811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811]: 
In Apache PDFBox, a carefully crafted PDF file can trigger an 
OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox 
version 2.0.23 and prior 2.0.x versions.
 
[CVE-2021-31812|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812]: 
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop 
while loading the file. This issue affects Apache PDFBox version 2.0.23 and 
prior 2.0.x versions.

pdfbox-2.0.24 is the non-vulnerable version available right now, released on 10th 
June. Please consider upgrading to it in the upcoming release of tika-bundle.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
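
A check for the condition this ticket reports, added here as an example (it is not code from the Tika or PDFBox projects): it scans a jar, including jars nested inside it, for PDFBox and flags versions in the affected range the report gives (2.0.23 and prior 2.0.x). It assumes a bundled copy is identifiable by a `pdfbox-<version>.jar` file name or by Maven's `pom.properties` metadata; the sample archive is constructed.

```python
import io
import re
import zipfile

FIXED = (2, 0, 24)  # per the report: 2.0.23 and prior 2.0.x are affected
POM_PROPS = "META-INF/maven/org.apache.pdfbox/pdfbox/pom.properties"
JAR_NAME = re.compile(r"(?:^|/)pdfbox-(\d+(?:\.\d+)*)\.jar$")
VERSION_LINE = re.compile(r"^version=(.+)$", re.M)


def is_affected(version):
    """True when the numeric prefix of `version` is a 2.0.x below 2.0.24."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    v = tuple(int(p) for p in m.group().split(".")) if m else ()
    return v[:2] == (2, 0) and v < FIXED


def find_pdfbox(data, path="", depth=0):
    """List (location, version) for each PDFBox copy in a jar given as bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            where = f"{path}!/{name}" if path else name
            if name == POM_PROPS:  # PDFBox classes inlined into this jar
                props = zf.read(name).decode("utf-8", "replace")
                found += [(where, v.strip()) for v in VERSION_LINE.findall(props)]
            elif jar := JAR_NAME.search(name):  # embedded as a named jar
                found.append((where, jar.group(1)))
            elif name.endswith(".jar") and depth < 3:  # bounded recursion
                found += find_pdfbox(zf.read(name), where, depth + 1)
    return found


def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample, not a real tika-bundle: one named jar, one inlined copy.
inlined = make_zip({POM_PROPS: "artifactId=pdfbox\nversion=2.0.24\n"})
SAMPLE = make_zip({"lib/pdfbox-2.0.23.jar": b"", "lib/deps.jar": inlined})

if __name__ == "__main__":
    for where, ver in find_pdfbox(SAMPLE):
        print("AFFECTED" if is_affected(ver) else "ok", ver, where)
```

Nested jars are read fully into memory, so this is meant for build artifacts you already trust, not for untrusted uploads.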
