Date: Fri, 29 Jun 2018 18:51:28 +0200 From: Andreas Lehmkuehler <lehmi@...che.org> To: announce@...che.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. Mitigation: Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11 Credit: This issue was discovered by Tobias Ospelt Website: https://pdfbox.apache.org/ Download: https://pdfbox.apache.org/download.cgi https://www.apache.org/dist/pdfbox/2.0.11/RELEASE-NOTES.txt https://www.apache.org/dist/pdfbox/1.8.15/RELEASE-NOTES.txt
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.