PT-2018-3490 · Apache+1 · Apache Pdfbox+1

Published 2018-10-05 · Updated 2021-05-21 · CVE-2018-11797

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 1.8.0 through 1.8.15; Apache PDFBox versions 2.0.0RC1 through 2.0.11.
Description: The issue stems from insufficient input validation in the Apache PDFBox library and can be exploited with a specially crafted PDF file. Parsing the page tree of such a file can trigger an extremely long-running computation, potentially leading to a denial of service.
Recommendations: For Apache PDFBox versions 1.8.0 through 1.8.15, update to a version outside of this range to resolve the issue. For Apache PDFBox versions 2.0.0RC1 through 2.0.11, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the PDF parsing functionality (for example, to trusted input only) to minimize the risk of exploitation.

Fix

Resource Exhaustion

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-02659
CVE-2018-11797
DLA-1547-1
GHSA-GX96-VGF7-HWFG
OPENSUSE-SU-2018_3384-1
OPENSUSE-SU-2018_3798-1
OPENSUSE-SU-2024:10622-1
SUSE-SU-2018:3318-1
SUSE-SU-2018:3755-1
SUSE-SU-2018_3318-1
SUSE-SU-2018_3755-1

Affected Products

Apache Pdfbox
Suse