CVE-2021-37819: Infinite Loop in Libitext-java

CWE-835: Infinite Loop | 4 documents | 4 sources

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 41.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 9 | Latest update Sep 10

Description

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

debian | debian/pdftk-java | < libitext-java 2.1.7-16 (forky)
debian | debian/libitext-java | < libitext-java 2.1.7-16 (forky)
debian | debian/libitext1-java | < libitext-java 2.1.7-16 (forky)
debian | debian/libitext5-java | < libitext-java 2.1.7-16 (forky)
Debian | pdftk-java_project/pdftk-java | < 3.3.2-1+2

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-gj7r-55x2-8vv5: PDF Labs pdftk-java v3 | 2022-09-10
OSV | CVE-2021-37819: PDF Labs pdftk-java v3 | 2022-09-09

📋 Vendor Advisories (1)

Debian | CVE-2021-37819: libitext-java - PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the co... | 2021