pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

Security update for apache-pdfbox (moderate)

This update for apache-pdfbox fixes the following issues: Security issue fixed: - CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue bsc1099721. This update was imported from the SUSE:SLE-15:Update update project...

openSUSE Security Update : apache-pdfbox (openSUSE-2018-975)

This update for apache-pdfbox fixes the following issues : Security issue fixed : - CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue bsc1099721. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network...

SUSE-SU-2018:2630-1 Security update for apache-pdfbox

This update for apache-pdfbox fixes the following issues: Security issue fixed: - CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue bsc1099721...

Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability

Exploit for windows platform in category dos / poc CVE-2018-8036 DoS OOM Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

Code injection

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

DEBIAN-CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVE-2018-8036

CVE-2018-8036 affects Apache PDFBox (versions 1.8.0–1.8.14 and 2.0.0RC1–2.0.10). A carefully crafted file can trigger an infinite loop in PDFBox’s AFMParser, causing memory exhaustion (DoS). Public details in connected IBM/IBM-Log-Analysis-related advisories confirm the issue and link to fixes, e...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...

Denial Of Service (DoS)

Apache PDFBox is vulnerable to denial of service DoS attacks. A malicious user can pass an AFM file to the application to cause an out-of-memory exception that can crash the application...

Security Bulletin: Open Source Apache PDFBox Vulnerability in IBM eDiscovery Analyzer

Summary Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of...

Security Bulletin: Vulnerability in Apache Tomcat Commons FileUpload affect FileNet Content Manager, and IBM Content Foundation (CVE-2016-3092)

Summary Security vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache PDFBox. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...

Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175)

Summary Security vulnerabilitiy exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content Foundation. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external...

Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management (CVE-2016-2175)

Summary Apache PDFBox affects IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. ...

pdfbox: XML External Entity vulnerability

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...