ID CVE-2018-8036
Summary In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:1.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:1.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pdfbox:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:pdfbox:2.0.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2018:2669
refmap via4
fedora
  • FEDORA-2019-6fa01d12b4
  • FEDORA-2019-9e91afa2be
misc https://www.oracle.com/security-alerts/cpuapr2020.html
mlist
  • [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?
  • [users] 20180629 [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
Last major update 03-10-2019 - 00:03
Published 03-07-2018 - 20:29
Last modified 03-10-2019 - 00:03
Back to Top