[<prev] [next>] [day] [month] [year] [list]
Message-ID: <637b5a18-f7cc-7e13-e0ea-7d89ab8cc689@apache.org>
Date: Fri, 29 Jun 2018 08:23:14 +0200
From: Andreas Lehmkuehler <lehmi@...che.org>
To: announce@...che.org, dev@...box.apache.org,
"users@...box.apache.org" <users@...box.apache.org>, security@...che.org,
oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well
Description:
A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to
an out of memory exception in Apache PDFBox's AFMParser.
Mitigation:
Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11
Credit:
This issue was discovered by Tobias Ospelt
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
