4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
Package : libpdfbox-java
Version : 1:1.8.7+dfsg-1+deb8u2
CVE ID : CVE-2018-11797
Debian Bug : #910390
It was discovered that there was a denial-of-service vulnerability in
libpdfbox-java, a PDF library for Java.
A malicious PDF file could have triggered an extremely long running
computation when parsing the page tree.
For Debian 8 "Jessie", this issue has been fixed in libpdfbox-java version
1:1.8.7+dfsg-1+deb8u2.
We recommend that you upgrade your libpdfbox-java packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | libfontbox-java | < 1:1.8.7+dfsg-1+deb8u2 | libfontbox-java_1:1.8.7+dfsg-1+deb8u2_all.deb |
Debian | 8 | all | libpdfbox-java | < 1:1.8.7+dfsg-1+deb8u2 | libpdfbox-java_1:1.8.7+dfsg-1+deb8u2_all.deb |
Debian | 8 | all | libfontbox-java-doc | < 1:1.8.7+dfsg-1+deb8u2 | libfontbox-java-doc_1:1.8.7+dfsg-1+deb8u2_all.deb |
Debian | 8 | all | libjempbox-java-doc | < 1:1.8.7+dfsg-1+deb8u2 | libjempbox-java-doc_1:1.8.7+dfsg-1+deb8u2_all.deb |
Debian | 8 | all | libpdfbox-java-doc | < 1:1.8.7+dfsg-1+deb8u2 | libpdfbox-java-doc_1:1.8.7+dfsg-1+deb8u2_all.deb |
Debian | 8 | all | libjempbox-java | < 1:1.8.7+dfsg-1+deb8u2 | libjempbox-java_1:1.8.7+dfsg-1+deb8u2_all.deb |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%