Details

      Description

      From our private mailinglist reported by Tim Allison:

      Tobias Ospelt has been working with fuzzing to identify oom/infinite loops. Tobias' attached file triggers a really long running loop which eventually leads to an OOM. It looks like this loop is the problem in AFMParser's readLine():

      while(!this.isEOL(nextByte = this.input.read())) {
            buf.append((char)nextByte);
      }
      

      CVE-2018-8036

      Description: A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

      Affected versions:
      <= 1.8.14
      <= 2.0.10

      Mitigation: update to a more recent version

        Attachments

          Activity

            People

            • Assignee:
              lehmi Andreas Lehmkühler
              Reporter:
              lehmi Andreas Lehmkühler
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: