oss-sec mailing list archives
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
From: Andreas Lehmkuehler <lehmi () apache org>
Date: Fri, 29 Jun 2018 08:23:14 +0200
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description:A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Mitigation: Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11 Credit: This issue was discovered by Tobias Ospelt
Current thread:
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)
- <Possible follow-ups>
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)