Bug 1597490 (CVE-2018-8036)
Summary: | CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abergmann, aileenc, alazarot, anstephe, bkearney, chazlett, drieden, etirelli, ggainey, gvarsami, ibek, java-sig-commits, jcoleman, jolee, jschatte, jstastny, kconner, krathod, kverlaen, ldimaggi, lpetrovi, meissner, nwallace, paradhya, puntogil, rrajasek, rsynek, rwagner, rzhang, sdaley, tcunning, tkirby, tlestach, vhalbert |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pdfbox 1.8.15, pdfbox 2.0.10 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:31:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1597491 | ||
Bug Blocks: | 1597492 |
Description
Sam Fowler
2018-07-03 04:52:22 UTC
Created pdfbox tracking bugs for this issue: Affects: fedora-all [bug 1597491] Statement: While Fuse 6.3 and Fuse 7.0 ship vulnerable artifact via camel-pdfbox, however, the flawed code is not being used therefore no execution path leads to an exposure to this vulnerability, so both Fuse 6.3, 7 standalone are not affected. However, Fuse 7.0 on OpenShift ship vulnerable artifact via maven BOM, so setting Fuse 7.0 as affected for this reason only. This issue has been addressed in the following products: Red Hat JBoss Fuse Via RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2669 |