GHSA-j2xq-pfff-mvgg

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Loop with Unreachable Exit Condition in Apache PDFBox

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Ссылки

Пакеты

Наименование

org.apache.pdfbox:pdfbox

maven

Затронутые версииВерсия исправления

>= 1.8.0, <= 1.8.14

1.8.15

Наименование

org.apache.pdfbox:pdfbox

maven

Затронутые версииВерсия исправления

>= 2.0.0RC1, <= 2.0.10

2.0.11

EPSS

Процентиль: 67%

0.00547

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2018-8036

Дефекты

CWE-835

Связанные уязвимости

CVE-2018-8036

CVSS3: 6.5

ubuntu

больше 7 лет назад

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

CVE-2018-8036

CVSS3: 6.5

redhat

больше 7 лет назад

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

CVE-2018-8036

CVSS3: 6.5

nvd

больше 7 лет назад

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

CVE-2018-8036

CVSS3: 6.5

debian

больше 7 лет назад

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...

openSUSE-SU-2018:2645-1

suse-cvrf

больше 7 лет назад

Security update for apache-pdfbox

EPSS

Процентиль: 67%

0.00547

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2018-8036

Дефекты

CWE-835