Описание
Security update for apache-pdfbox
This update for apache-pdfbox fixes the following security issue:
- CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721).
- CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009):
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
apache-pdfbox-1.8.12-4.3.1
apache-pdfbox-javadoc-1.8.12-4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3384-1
- SUSE Security Ratings
Описание
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Затронутые продукты
openSUSE Leap 42.3:apache-pdfbox-1.8.12-4.3.1
openSUSE Leap 42.3:apache-pdfbox-javadoc-1.8.12-4.3.1
Ссылки
- CVE-2018-11797
- SUSE Bug 1111009
Описание
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Затронутые продукты
openSUSE Leap 42.3:apache-pdfbox-1.8.12-4.3.1
openSUSE Leap 42.3:apache-pdfbox-javadoc-1.8.12-4.3.1
Ссылки
- CVE-2018-8036
- SUSE Bug 1099721