CVE-2021-31812

📊 5.5 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Jun 12, 2021

📋 Status: Modified

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

14 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apache	pdfbox	≥ 2.0.0 ∧ ≤ 2.0.23	Vulnerable	cpe:2.3:a:apache:pdfbox::::::::
💻OS	fedoraproject	fedora	33	Vulnerable	cpe:2.3:o:fedoraproject:fedora:33:::::::*
💻OS	fedoraproject	fedora	34	Vulnerable	cpe:2.3:o:fedoraproject:fedora:34:::::::*
📱App	oracle	banking corporate lending process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*
📱App	oracle	banking corporate lending process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*
📱App	oracle	banking corporate lending process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*
📱App	oracle	banking credit facilities process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*
📱App	oracle	banking credit facilities process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*
📱App	oracle	banking credit facilities process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*
📱App	oracle	banking supply chain finance	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*
📱App	oracle	banking supply chain finance	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*
📱App	oracle	banking supply chain finance	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*
📱App	oracle	retail customer management and segmentation foundation	18.1	Vulnerable	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:::::::*
💻OS	oracle	communications messaging server	8.1	Vulnerable	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

📱

apache / pdfbox

Application

Vulnerable

Version: ≥ 2.0.0 ∧ ≤ 2.0.23

CPE:

cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 33

CPE:

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

💻

fedoraproject / fedora

Operating System

Vulnerable

Version: 34

CPE:

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*

📱

oracle / retail customer management and segmentation foundation

Application

Vulnerable

Version: 18.1

CPE:

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:*:*:*:*:*:*:*

💻

oracle / communications messaging server

Operating System

Vulnerable

Version: 8.1

CPE:

cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

14 products•scroll for more

Metrics

5.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

NONE

Integrity:

NONE

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

5.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)11.7th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Jun 12, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses2

CWE-834CWE-835

References17

NVDpatchpatch+14