Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-4779

PDFBOX: Update Bouncy Castle Crypto to version 1.64

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.18
    • 2.0.19
    • Crypto

    Description

      Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:

      CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.

       

      Link to Bouncy Castle Crypto: https://www.bouncycastle.org/releasenotes.html

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. PDFBOX-4071 Improve code quality (3)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tilman Tilman Hausherr
              gorbarov Nick Gorbarov
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: