Bug#1059319: libitext1-java: CVE-2021-37819
Moritz Mühlenhoff
jmm at inutil.org
Fri Dec 22 13:57:53 GMT 2023
Source: libitext1-java
X-Debbugs-CC: team at security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for PdfReader, which is
embedded in libitext1-java.
CVE-2021-37819[0]:
| PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
| loop via the component /text/pdf/PdfReader.java.
https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0)
https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247 (v3.3.0)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-37819
https://www.cve.org/CVERecord?id=CVE-2021-37819
Please adjust the affected versions in the BTS as needed.
More information about the pkg-java-maintainers
mailing list