|
Message-ID: <61f3f180-f1a2-40d6-db4f-bd50d5e48789@apache.org> Date: Fri, 5 Oct 2018 16:10:49 +0200 From: Andreas Lehmkuehler <lehmi@...che.org> To: announce@...che.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox <= 1.8.15 Apache PDFBox <= 2.0.11 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. Mitigation: Upgrade to Apache PDFBox 1.8.16 respectively 2.0.12 Credit: This issue was discovered by Shawn Rasheed Website: https://pdfbox.apache.org/ Download: https://pdfbox.apache.org/download.cgi https://www.apache.org/dist/pdfbox/2.0.12/RELEASE-NOTES.txt https://www.apache.org/dist/pdfbox/1.8.16/RELEASE-NOTES.txt
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.