Date: Fri, 29 Jun 2018 18:51:28 +0200 From: Andreas Lehmkuehler <lehmi@...che.org> To: announce@...che.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. Mitigation: Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11 Credit: This issue was discovered by Tobias Ospelt Website: https://pdfbox.apache.org/ Download: https://pdfbox.apache.org/download.cgi https://www.apache.org/dist/pdfbox/2.0.11/RELEASE-NOTES.txt https://www.apache.org/dist/pdfbox/1.8.15/RELEASE-NOTES.txt
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ