You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Andreas Lehmkühler (JIRA)" <ji...@apache.org> on 2018/06/29 06:17:00 UTC
[jira] [Resolved] (PDFBOX-4251) Optimize AFMParser
[ https://issues.apache.org/jira/browse/PDFBOX-4251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Lehmkühler resolved PDFBOX-4251.
----------------------------------------
Resolution: Fixed
Thanks to [~tallison@apache.org] and Tobias Ospelt for the report and [~tilman] for the fix
> Optimize AFMParser
> ------------------
>
> Key: PDFBOX-4251
> URL: https://issues.apache.org/jira/browse/PDFBOX-4251
> Project: PDFBox
> Issue Type: Improvement
> Components: FontBox
> Affects Versions: 1.8.14, 2.0.10, 3.0.0 PDFBox
> Reporter: Andreas Lehmkühler
> Assignee: Andreas Lehmkühler
> Priority: Major
> Labels: CVE-2018-8036
> Fix For: 1.8.15, 2.0.11, 3.0.0 PDFBox
>
>
> From our private mailinglist reported by [~tallison@apache.org]:
> {quote}
> Tobias Ospelt has been working with fuzzing to identify oom/infinite loops. Tobias' attached file triggers a really long running loop which eventually leads to an OOM. It looks like this loop is the problem in AFMParser's readLine():
> {quote}
>
> {code}
> while(!this.isEOL(nextByte = this.input.read())) {
> buf.append((char)nextByte);
> }
> {code}
> CVE-2018-8036
> Description: A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
> Affected versions:
> <= 1.8.14
> <= 2.0.10
> Mitigation: update to a more recent version
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org