CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:pdfbox:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:pdfbox:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:pdfbox:2.0.0:rc3:*:*:*:*:*:*

History

07 Nov 2023, 03:01

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/', 'name': 'FEDORA-2019-6fa01d12b4', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E', 'name': '[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/', 'name': 'FEDORA-2019-9e91afa2be', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E', 'name': "[users] 20180629 [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser", 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/ -
  • () https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E -
  • () https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E -

Information

Published : 2018-07-03 20:29

Updated : 2023-12-10 12:30


NVD link : CVE-2018-8036

Mitre link : CVE-2018-8036

CVE.ORG link : CVE-2018-8036


JSON object : View

Products Affected

apache

  • pdfbox
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')