Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTobias Ospelt1337DAY-ID-30676
HistoryJul 04, 2018 - 12:00 a.m.

Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability

2018-07-0400:00:00
Tobias Ospelt
0day.today
26

0.005 Low

EPSS

Percentile

72.7%

JSON

Exploit for windows platform in category dos / poc

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to 
an out of memory exception in Apache PDFBox's AFMParser.

Mitigation:
Upgrade to Apache PDFBox 1.8.15 respectively 2.0.11

Credit:
This issue was discovered by Tobias Ospelt

Website:
https://pdfbox.apache.org/

Download:
https://pdfbox.apache.org/download.cgi
https://www.apache.org/dist/pdfbox/2.0.11/RELEASE-NOTES.txt
https://www.apache.org/dist/pdfbox/1.8.15/RELEASE-NOTES.txt

#  0day.today [2018-07-04]  #

Related

prion 1
nessus 6
veracode 1
ubuntucve 1
ibm 10
redhatcve 1
cve 1
debiancve 1
suse 2
osv 1
openvas 6
github 1
fedora 3
redhat 1
oracle 1
prion
prion
Code injection
2018-07-03 20:29:00
nessus
nessus
openSUSE Security Update : apache-pdfbox (openSUSE-2019-670)
2019-03-27 00:00:00
openSUSE Security Update : apache-pdfbox (openSUSE-2018-975)
2018-09-07 00:00:00
openSUSE Security Update : apache-pdfbox (openSUSE-2018-1245)
2018-10-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-07-02 07:11:50
ubuntucve
ubuntucve
CVE-2018-8036
2018-07-03 00:00:00
ibm
ibm
Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036)
2018-12-03 21:00:01
Security Bulletin: IBM FileNet Content Manager affected by Apache PDFBox security vulnerability
2019-01-16 20:15:01
Security Bulletin: Vulnerability found in fontbox-1.8.1.jarr which is shipped with IBM® Intelligent Operations Center(CVE-2018-8036)
2023-09-05 12:36:24
redhatcve
redhatcve
CVE-2018-8036
2018-07-03 05:20:02
cve
cve
CVE-2018-8036
2018-07-03 20:29:00
debiancve
debiancve
CVE-2018-8036
2018-07-03 20:29:00
suse
suse
Security update for apache-pdfbox (moderate)
2018-09-07 12:07:46
Security update for apache-pdfbox (moderate)
2018-10-24 15:18:40
osv
osv
Loop with Unreachable Exit Condition in Apache PDFBox
2022-05-13 01:53:29
openvas
openvas
openSUSE: Security Advisory for apache-pdfbox (openSUSE-SU-2018:2645-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2630-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for apache-pdfbox (openSUSE-SU-2018:3384-1)
2018-10-25 00:00:00
github
github
Loop with Unreachable Exit Condition in Apache PDFBox
2022-05-13 01:53:29
fedora
fedora
[SECURITY] Fedora 29 Update: pdfbox-2.0.16-1.fc29
2019-09-09 08:07:18
[SECURITY] Fedora 31 Update: pdfbox-2.0.16-1.fc31
2019-09-14 16:39:49
[SECURITY] Fedora 30 Update: pdfbox-2.0.16-1.fc30
2019-09-09 07:34:18
redhat
redhat
(RHSA-2018:2669) Important: Fuse 7.1 security update
2018-09-11 07:52:48
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

0.005 Low

EPSS

Percentile

72.7%

JSON
Related for 1337DAY-ID-30676
prion1nessus6veracode1ubuntucve1ibm10redhatcve1cve1debiancve1suse2osv1openvas6github1fedora3redhat1oracle1