Memory Allocation with Excessive Size Value

CVE-2021-27906

Medium

5.5/10

Summary

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox versions 2.0.x prior to 2.0.23.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-789 - Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Mar 19, 2021

Memory Allocation with Excessive Size Value

CVE-2021-27906

Summary

CWE-789 - Memory Allocation with Excessive Size Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS