lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <61f3f180-f1a2-40d6-db4f-bd50d5e48789@apache.org>
Date: Fri, 5 Oct 2018 16:10:49 +0200
From: Andreas Lehmkuehler <lehmi@...che.org>
To: announce@...che.org, security@...che.org, oss-security@...ts.openwall.com,
  bugtraq@...urityfocus.com
Subject: [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox <= 1.8.15
Apache PDFBox <= 2.0.11
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefully crafted PDF file can trigger an extremely long
running computation when parsing the page tree.

Mitigation:
Upgrade to Apache PDFBox 1.8.16 respectively 2.0.12

Credit:
This issue was discovered by Shawn Rasheed

Website:
https://pdfbox.apache.org/

Download:
https://pdfbox.apache.org/download.cgi
https://www.apache.org/dist/pdfbox/2.0.12/RELEASE-NOTES.txt
https://www.apache.org/dist/pdfbox/1.8.16/RELEASE-NOTES.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ