Apache PDFBox
How does this open source repository relate to critical infrastructure and healthcare?
Apache PDFBox is used under the hood by hundreds of other Java libraries. On Maven Central, it is the #1 Java PDF library. As with xz, its ubiquity means that a security flaw in it can cause widespread harm.
What would vulnerabilities in this repository mean for critical infra & healthcare?
The most common vulnerabilities in this library would be denial of service, which could impede processing of data or cause applications to fail. More serious vulnerabilities could lead to SSRF or other compromise of critical systems.
Challenges
>>> Lemon Aquarium
