Description
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Report
While Fuse 6.3 and Fuse 7.0 ship the vulnerable artifact via camel-pdfbox, the flawed code is not used, so no execution path leads to exposure to this vulnerability; both Fuse 6.3 and Fuse 7 standalone are therefore not affected. However, Fuse 7.0 on OpenShift ships the vulnerable artifact via the Maven BOM, so Fuse 7.0 is set as affected for this reason only.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | pdfbox | Not affected | ||
| Red Hat JBoss BRMS 6 | pdfbox | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | pdfbox | Will not fix | ||
| Red Hat JBoss Fuse 6 | pdfbox | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | pdfbox | Not affected | ||
| Red Hat Satellite 5 | nutch | Will not fix | ||
| Red Hat JBoss Fuse 7 | pdfbox | Fixed | RHSA-2018:2669 | 11.09.2018 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium