PT-2018-3490 · Apache+1 · Apache Pdfbox+1

Publicado

2018-10-05

Atualizado

2021-05-21

CVE-2018-11797

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 1.8.0 through 1.8.15 Apache PDFBox versions 2.0.0RC1 through 2.0.11

Description: The issue is related to insufficient input validation in the Apache PDFBox library, which can be exploited by a specially crafted PDF file. This can trigger an extremely long running computation when parsing the page tree, potentially leading to a denial of service.

Recommendations: For Apache PDFBox versions 1.8.0 through 1.8.15, update to a version outside of this range to resolve the issue. For Apache PDFBox versions 2.0.0RC1 through 2.0.11, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the PDF parsing functionality to minimize the risk of exploitation.

Correção

Resource Exhaustion

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-20

Identificadores relacionados

BDU:2020-02659

CVE-2018-11797

DLA-1547-1

GHSA-GX96-VGF7-HWFG

OPENSUSE-SU-2018_3384-1

OPENSUSE-SU-2018_3798-1

OPENSUSE-SU-2024:10622-1

SUSE-SU-2018:3318-1

SUSE-SU-2018:3755-1

SUSE-SU-2018_3318-1

SUSE-SU-2018_3755-1

Produtos afetados

Apache Pdfbox

Suse

PT-2018-3490 · Apache+1 · Apache Pdfbox+1

CVE-2018-11797

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32