I doubt that it was fixed in 1.8.*. You should update to 2.0.27. There
are more disadvantages (bugs!) in 1.8.17 than two CVEs which have never
been exploited in the wild, and which will just crash or freeze your
system, but not result in data access.
Tilman
On 28.10.2022 13:35, Mrowczynski, Krzysztof wrote:
Hello, good morning!
In our project we would like to use the PDFBox library. According to
the mentioned CVEs /ALL/ versions below 2.0.23 are affected. Recently –
15th September 2022 the PDFBox 1.8.17 was released. Unfortunately I
cannot find any information about mitigation of the vulnerability in
release notes. Can you please confirm if the vulnerability is still
present in 1.8.17?
Thank you in advance for support,
Have a great day
Kind regards,
Krzysztof Mrówczyński
Siemens Digital Logistics Sp. z o.o.