CVE-2021-27906

📊 5.5 MEDIUM⚡ 0.5%🎯 0 exploits

📅 Published Mar 19, 2021

📋 Status: Modified

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

42 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apache	pdfbox	≥ 2.0.0 ∧ ≤ 2.0.22	Vulnerable	cpe:2.3:a:apache:pdfbox::::::::
💻OS	fedoraproject	fedora	32	Vulnerable	cpe:2.3:o:fedoraproject:fedora:32:::::::*
💻OS	fedoraproject	fedora	33	Vulnerable	cpe:2.3:o:fedoraproject:fedora:33:::::::*
💻OS	fedoraproject	fedora	34	Vulnerable	cpe:2.3:o:fedoraproject:fedora:34:::::::*
📱App	oracle	banking corporate lending process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*
📱App	oracle	banking corporate lending process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*
📱App	oracle	banking corporate lending process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*
📱App	oracle	banking credit facilities process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*
📱App	oracle	banking credit facilities process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*
📱App	oracle	banking credit facilities process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*
📱App	oracle	banking supply chain finance	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*
📱App	oracle	banking supply chain finance	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*
📱App	oracle	banking supply chain finance	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*
📱App	oracle	banking trade finance process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:::::::*
📱App	oracle	banking trade finance process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:::::::*
📱App	oracle	banking trade finance process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:::::::*
📱App	oracle	banking treasury management	14.5	Vulnerable	cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
📱App	oracle	banking virtual account management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:::::::*
📱App	oracle	banking virtual account management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:::::::*
📱App	oracle	banking virtual account management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:::::::*
📱App	oracle	communications session report manager	≥ 8.0.0 ∧ ≤ 8.2.4.0	Vulnerable	cpe:2.3:a:oracle:communications_session_report_manager::::::::
📱App	oracle	flexcube universal banking	≥ 14.0.0 ∧ ≤ 14.3.0	Vulnerable	cpe:2.3:a:oracle:flexcube_universal_banking::::::::
📱App	oracle	flexcube universal banking	14.5.0	Vulnerable	cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:::::::*
📱App	oracle	hyperion financial reporting	11.1.2.4	Vulnerable	cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:::::::*
📱App	oracle	hyperion financial reporting	11.2.6.0	Vulnerable	cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.6.0:::::::*
📱App	oracle	hyperion infrastructure technology	< 11.2.8.0	Vulnerable	cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::
📱App	oracle	outside in technology	8.5.5	Vulnerable	cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::*
📱App	oracle	peoplesoft enterprise peopletools	8.58	Vulnerable	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
📱App	oracle	peoplesoft enterprise peopletools	8.59	Vulnerable	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
📱App	oracle	primavera unifier	≥ 17.7 ∧ ≤ 17.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier::::::::
📱App	oracle	primavera unifier	18.8	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
📱App	oracle	primavera unifier	19.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
📱App	oracle	primavera unifier	20.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
📱App	oracle	retail customer management and segmentation foundation	19.0	Vulnerable	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
📱App	oracle	retail xstore point of service	16.0.6	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*
📱App	oracle	retail xstore point of service	17.0.4	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
📱App	oracle	retail xstore point of service	18.0.3	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
📱App	oracle	retail xstore point of service	19.0.2	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
📱App	oracle	retail xstore point of service	20.0.1	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
📱App	oracle	webcenter sites	12.2.1.3.0	Vulnerable	cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
📱App	oracle	webcenter sites	12.2.1.4.0	Vulnerable	cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
💻OS	oracle	communications messaging server	8.1	Vulnerable	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

📱

apache / pdfbox

Application

Vulnerable

Version: ≥ 2.0.0 ∧ ≤ 2.0.22

CPE:

cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 32

CPE:

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 33

CPE:

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 34

CPE:

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking treasury management

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / communications session report manager

Application

Vulnerable

Version: ≥ 8.0.0 ∧ ≤ 8.2.4.0

CPE:

cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*

📱

oracle / flexcube universal banking

Application

Vulnerable

Version: ≥ 14.0.0 ∧ ≤ 14.3.0

CPE:

cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*

📱

oracle / flexcube universal banking

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:*:*:*:*:*:*:*

📱

oracle / hyperion financial reporting

Application

Vulnerable

Version: 11.1.2.4

CPE:

cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*

📱

oracle / hyperion financial reporting

Application

Vulnerable

Version: 11.2.6.0

CPE:

cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.6.0:*:*:*:*:*:*:*

📱

oracle / hyperion infrastructure technology

Application

Vulnerable

Version: < 11.2.8.0

CPE:

cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*

📱

oracle / outside in technology

Application

Vulnerable

Version: 8.5.5

CPE:

cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*

📱

oracle / peoplesoft enterprise peopletools

Application

Vulnerable

Version: 8.58

CPE:

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

📱

oracle / peoplesoft enterprise peopletools

Application

Vulnerable

Version: 8.59

CPE:

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: ≥ 17.7 ∧ ≤ 17.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 18.8

CPE:

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 19.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 20.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*

📱

oracle / retail customer management and segmentation foundation

Application

Vulnerable

Version: 19.0

CPE:

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 16.0.6

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 17.0.4

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 18.0.3

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 19.0.2

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 20.0.1

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*

📱

oracle / webcenter sites

Application

Vulnerable

Version: 12.2.1.3.0

CPE:

cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

📱

oracle / webcenter sites

Application

Vulnerable

Version: 12.2.1.4.0

CPE:

cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

💻

oracle / communications messaging server

Operating System

Vulnerable

Version: 8.1

CPE:

cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

42 products•scroll for more

Metrics

5.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

NONE

Integrity:

NONE

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

5.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.5% (Minimal)67.0th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Mar 19, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses2

CWE-789

References22

NVDpatchpatch+19