Описание
Security update for apache-pdfbox
This update for apache-pdfbox fixes the following security issue:
- CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721).
- CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009):
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP3
apache-pdfbox-1.8.12-3.5.4
Ссылки
- Link for SUSE-SU-2018:3318-1
- E-Mail link for SUSE-SU-2018:3318-1
- SUSE Security Ratings
- SUSE Bug 1099721
- SUSE Bug 1111009
- SUSE CVE CVE-2018-11797 page
- SUSE CVE CVE-2018-8036 page
Описание
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP3:apache-pdfbox-1.8.12-3.5.4
Ссылки
- CVE-2018-11797
- SUSE Bug 1111009
Описание
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP3:apache-pdfbox-1.8.12-3.5.4
Ссылки
- CVE-2018-8036
- SUSE Bug 1099721