Affects Version/s: 2.3
Fix Version/s: None
Description from CVE
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Apache PDFBox is vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion'). A successful exploit could trigger an infinite loop that may lead to an out-of-memory exception in the AFMParser component, resulting in a DoS condition.
The application is vulnerable because it uses this component.
We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
AFMParser.class : [2.0.0-RC1, 2.0.11)