pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Lehmkuehler <le...@apache.org>
Subject [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
Date Fri, 29 Jun 2018 06:23:14 GMT
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to 
an out of memory exception in Apache PDFBox's AFMParser.

Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11

This issue was discovered by Tobias Ospelt

To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org

View raw message