In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 03:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb%40%3Cannounce.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a%40%3Cannounce.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E - | |
References | () https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/ - | |
References | () https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory |
21 May 2021, 16:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:pdfbox:1.8.14:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.15:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.13:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.12:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.8:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.9:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:2.0.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8@%3Cdev.pdfbox.apache.org%3E - Mailing List, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/ - Mailing List, Third Party Advisory |
Information
Published : 2018-10-05 20:29
Updated : 2024-11-21 03:44
NVD link : CVE-2018-11797
Mitre link : CVE-2018-11797
CVE.ORG link : CVE-2018-11797
JSON object : View
Products Affected
oracle
- retail_xstore_point_of_service
apache
- pdfbox
fedoraproject
- fedora
CWE