You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fop-dev@xmlgraphics.apache.org by "simon steiner (JIRA)" <ji...@apache.org> on 2018/08/30 08:55:00 UTC

[jira] [Resolved] (FOP-2812) Update PDFBox to 2.0.11

     [ https://issues.apache.org/jira/browse/FOP-2812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

simon steiner resolved FOP-2812.
--------------------------------
    Resolution: Fixed

[http://svn.apache.org/viewvc?view=revision&revision=1839650]

http://svn.apache.org/viewvc?view=revision&revision=1839651

> Update PDFBox to 2.0.11
> -----------------------
>
>                 Key: FOP-2812
>                 URL: https://issues.apache.org/jira/browse/FOP-2812
>             Project: FOP
>          Issue Type: Bug
>          Components: unqualified
>    Affects Versions: 2.3
>            Reporter: Deodatta Marathe
>            Assignee: simon steiner
>            Priority: Major
>
> Description from CVE
> In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
> Explanation
> The Apache PDFBox is vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion'). A successful exploit could trigger an infinite loop scenario that may lead to an out-of-memory exception in the AFMParser component, resulting in a DoS condition.
> Detection
> The application is vulnerable by using this component.
> Recommendation
> We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
> Categories
> Data
> Root Cause
> AFMParser.class : [2.0.0-RC1, 2.0.11)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)