Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-4779

PDFBOX: Update Bouncy Castle Crypto to version 1.64

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.18
    • Fix Version/s: 2.0.19
    • Component/s: Crypto
    • Labels:

      Description

      Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:

      CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.

       

      Link to Bouncy Castle Crypto: https://www.bouncycastle.org/releasenotes.html

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tilman Tilman Hausherr
                Reporter:
                gorbarov Nick Gorbarov
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: