CVE-2018-8036
Published 2018-07-03
Medium, 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pdfbox | <= 1.8.14 | — |
| apache | pdfbox | — | — |
| apache | pdfbox | 2.0.0 – 2.0.10 | — |
| apache | tika | — | — |
| apache_software_foundation | apache_pdfbox | — | — |
| apache_software_foundation | apache_pdfbox | — | — |
| debian | libpdfbox-java | < libpdfbox-java 1:1.8.15-1 (bookworm) | libpdfbox-java 1:1.8.15-1 (bookworm) |
| debian | libpdfbox2-java | < libpdfbox-java 1:1.8.15-1 (bookworm) | libpdfbox-java 1:1.8.15-1 (bookworm) |
CVSS provenance
nvd: v3.0, 6.5 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM