Apache Pdfbox
By the Year
In 2025 there have been 0 vulnerabilities in Apache Pdfbox. Last year, in 2024, Pdfbox had 1 security vulnerability published. Right now, Pdfbox is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 5.50 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 9.80 |
| 2018 | 2 | 6.00 |
It may take a day or so for new Pdfbox vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Pdfbox Security Vulnerabilities
XXE Exploit in Apache PDFBox XML Parsing
CVE-2024-8602
- October 14, 2024
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. These actions include:
* Reading files from the operating system
* Crashing the thread handling the parsing or causing it to enter an infinite loop
* Executing HTTP requests
* Loading additional DTDs or XML files
* Under certain conditions, executing OS commands
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file
CVE-2021-31812
5.5 - Medium
- June 12, 2021
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Infinite Loop
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
CVE-2021-31811
5.5 - Medium
- June 12, 2021
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Allocation of Resources Without Limits or Throttling
A carefully crafted PDF file can trigger an infinite loop while loading the file
CVE-2021-27807
5.5 - Medium
- March 19, 2021
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Excessive Iteration
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
CVE-2021-27906
5.5 - Medium
- March 19, 2021
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which
CVE-2019-0228
9.8 - Critical
- April 17, 2019
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
XXE
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file
CVE-2018-11797
5.5 - Medium
- October 05, 2018
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop
CVE-2018-8036
6.5 - Medium
- July 03, 2018
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Infinite Loop