CVE-2021-31811

📊 5.5 MEDIUM⚡ 0.4%🎯 0 exploits

📅 Published Jun 12, 2021

📋 Status: Modified

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

23 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apache	pdfbox	≥ 2.0.0 ∧ ≤ 2.0.23	Vulnerable	cpe:2.3:a:apache:pdfbox::::::::
💻OS	fedoraproject	fedora	33	Vulnerable	cpe:2.3:o:fedoraproject:fedora:33:::::::*
💻OS	fedoraproject	fedora	34	Vulnerable	cpe:2.3:o:fedoraproject:fedora:34:::::::*
📱App	oracle	banking corporate lending process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*
📱App	oracle	banking corporate lending process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*
📱App	oracle	banking corporate lending process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*
📱App	oracle	banking credit facilities process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*
📱App	oracle	banking credit facilities process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*
📱App	oracle	banking credit facilities process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*
📱App	oracle	banking supply chain finance	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*
📱App	oracle	banking supply chain finance	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*
📱App	oracle	banking supply chain finance	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*
📱App	oracle	banking trade finance	14.5	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::*
📱App	oracle	banking treasury management	14.5	Vulnerable	cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
📱App	oracle	flexcube universal banking	≥ 14.0.0 ∧ ≤ 14.3.0	Vulnerable	cpe:2.3:a:oracle:flexcube_universal_banking::::::::
📱App	oracle	flexcube universal banking	14.5	Vulnerable	cpe:2.3:a:oracle:flexcube_universal_banking:14.5:::::::*
📱App	oracle	outside in technology	8.5.5	Vulnerable	cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::*
📱App	oracle	primavera unifier	≥ 17.7 ∧ ≤ 17.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier::::::::
📱App	oracle	primavera unifier	18.8	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
📱App	oracle	primavera unifier	19.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
📱App	oracle	primavera unifier	20.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
📱App	oracle	retail customer management and segmentation foundation	18.1	Vulnerable	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:::::::*
💻OS	oracle	communications messaging server	8.1	Vulnerable	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

📱

apache / pdfbox

Application

Vulnerable

Version: ≥ 2.0.0 ∧ ≤ 2.0.23

CPE:

cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 33

CPE:

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 34

CPE:

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*

📱

oracle / banking treasury management

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*

📱

oracle / flexcube universal banking

Application

Vulnerable

Version: ≥ 14.0.0 ∧ ≤ 14.3.0

CPE:

cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*

📱

oracle / flexcube universal banking

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*

📱

oracle / outside in technology

Application

Vulnerable

Version: 8.5.5

CPE:

cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: ≥ 17.7 ∧ ≤ 17.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 18.8

CPE:

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 19.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 20.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*

📱

oracle / retail customer management and segmentation foundation

Application

Vulnerable

Version: 18.1

CPE:

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:*:*:*:*:*:*:*

💻

oracle / communications messaging server

Operating System

Vulnerable

Version: 8.1

CPE:

cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

23 products•scroll for more

Metrics

5.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

NONE

Integrity:

NONE

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

5.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.4% (Minimal)60.8th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Jun 12, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses2

CWE-789CWE-770

References18

NVDpatchpatch+15