| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2e123ab7-5492-d35a-1c85-7b13dbd438ec@apache.org> Date: Fri, 29 Jun 2018 18:51:28 +0200 From: Andreas Lehmkuehler <lehmi@...che.org> To: announce@...che.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. Mitigation: Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11 Credit: This issue was discovered by Tobias Ospelt Website: https://pdfbox.apache.org/ Download: https://pdfbox.apache.org/download.cgi https://www.apache.org/dist/pdfbox/2.0.11/RELEASE-NOTES.txt https://www.apache.org/dist/pdfbox/1.8.15/RELEASE-NOTES.txt
Powered by blists - more mailing lists