Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.3
- None
- None
Description
Description from CVE
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Explanation
Apache PDFBox is vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion'). A successful exploit could trigger an infinite loop that may lead to an out-of-memory exception in the AFMParser component, resulting in a DoS condition.
Detection
The application is vulnerable by using this component.
Recommendation
We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
Categories
Data
Root Cause
AFMParser.class : [2.0.0-RC1, 2.0.11)