PT-2018-18397 · Apache+1 · Apache Pdfbox+1

Published

2018-07-03

Updated

2022-05-13

CVE-2018-8036

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 1.8.0 through 1.8.14 Apache PDFBox versions 2.0.0RC1 through 2.0.10

Description: A carefully crafted file can trigger an infinite loop, leading to an out of memory exception in Apache PDFBox's AFMParser.

Recommendations: For Apache PDFBox versions 1.8.0 through 1.8.14, update to a version outside of this range to resolve the issue. For Apache PDFBox versions 2.0.0RC1 through 2.0.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the AFMParser to minimize the risk of exploitation.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2018-8036

GHSA-J2XQ-PFFF-MVGG

OPENSUSE-SU-2018_2645-1

OPENSUSE-SU-2018_3384-1

OPENSUSE-SU-2024:10622-1

SUSE-SU-2018:2630-1

SUSE-SU-2018:3318-1

SUSE-SU-2018_2630-1

Affected Products

Apache Pdfbox

Suse

PT-2018-18397 · Apache+1 · Apache Pdfbox+1

CVE-2018-8036

Weakness Enumeration

Related Identifiers

Affected Products

References · 27