Base Score

MEDIUM6.5

CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

VectorNETWORK

Published Bysecurity@apache.org

Published DateJul 03, 2018, 20:29

Affected Versions(2)

org.apache.pdfbox:pdfbox(Maven)

Introduced1.8.0

Fixed1.8.15

LimitN/A

org.apache.pdfbox:pdfbox(Maven)

Introduced2.0.0RC1

Fixed2.0.11

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.pdfbox:pdfbox(Maven)	1.8.0	1.8.15	N/A
org.apache.pdfbox:pdfbox(Maven)	2.0.0RC1	2.0.11	N/A

Weakness Type (CWE):CWE-835

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-835

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH