Denial of Service in Apache PDFBox Across Multiple Versions
CVE-2018-11797
5.5 MEDIUM
Summary
In certain versions of Apache PDFBox, a crafted PDF file can induce extensive computation when the page tree is parsed, leading to prolonged processing times. An attacker can use this to place a significant burden on server resources, resulting in a Denial of Service condition.
Affected Version(s)
Apache PDFBox 1.8.0 to 1.8.15
Apache PDFBox 2.0.0RC1 to 2.0.11
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved