Update PDFBox to 2.0.11

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3
    • Fix Version/s: None
    • Component/s: unqualified
    • Labels:
      None

      Description

      Description from CVE
      In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
      Explanation
      Apache PDFBox is vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion'). A successful exploit could trigger an infinite loop scenario that may lead to an out-of-memory exception in the AFMParser component, resulting in a DoS condition.

      Detection
      The application is vulnerable by using this component.

      Recommendation
      We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

      Categories
      Data

      Root Cause
      AFMParser.class : [2.0.0-RC1, 2.0.11)

            People

            • Assignee: ssteiner Simon Steiner
            • Reporter: ddmarath Deodatta Marathe
