CVE-2018-8036

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache PDFbox
Vendor: CVE Published:; 3 July 2018

Summary

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Affected Version(s)

Apache PDFBox 1.8.0 to 1.8.14

Apache PDFBox 2.0.0RC1 to 2.0.10

References

https://access.redhat.com/errata/RHSA-2018:2669

vendor-advisoryx_refsource_REDHAT

https://lists.apache.org/thread.html/9f62f742fd4fcd81654a...

mailing-listx_refsource_MLIST

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2018
Vulnerability Reserved
Mar 9, 2018