CVE-2018-8036

CWE-835 CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Pdfbox Apache Software Foundation Apache Pdfbox

Timeline

PublishedJul 3

Latest updateMay 13

Description

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶Mavenorg.apache.pdfbox:pdfbox1.8.0 — 1.8.15+1

▶NVDapache/pdfbox2.0.0 — 2.0.10+2

▶CVEListV5apache_software_foundation/apache_pdfbox1.8.0 to 1.8.14, 2.0.0RC1 to 2.0.10+1

▶Debianlibpdfbox-java< 1:1.8.15-1+3

▶Debianlibpdfbox2-java< 2.0.11-1+3

🔴Vulnerability Details

OSV

Loop with Unreachable Exit Condition in Apache PDFBox↗2022-05-13

▶

GHSA

Loop with Unreachable Exit Condition in Apache PDFBox↗2022-05-13

▶

CVEList

CVE-2018-8036: In Apache PDFBox 1↗2018-07-03

▶

OSV

CVE-2018-8036: In Apache PDFBox 1↗2018-07-03

▶

📋Vendor Advisories

Red Hat

pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF↗2018-07-01

▶

Debian

CVE-2018-8036: libpdfbox-java - In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or...↗2018

▶

Apache

Apache tika: CVE-2018-8036↗

▶

💬Community

Bugzilla

CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF [fedora-all]↗2018-07-03

▶

Bugzilla

CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF↗2018-07-03

▶