A vulnerability related to parsing was found in Apache PDFBox parser. A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Created pdfbox tracking bugs for this issue:
Affects: fedora-all [bug 1637494]
Regarding the Satellite 5 product:
Reducing the severity to Low : PDFBox is only used to create PDF. No attack vector, where an attacker could send a crafted PDF for parsing, have been found.
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss BPM Suite 6
* Red Hat JBoss BRMS 6
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss Fuse 6
* Red Hat JBoss Data Virtualization & Services 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.