Candidate: CVE-2018-11797
PublicDate: 2018-10-05 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11797
 https://www.openwall.com/lists/oss-security/2018/10/05/4
Description:
 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully
 crafted PDF file can trigger an extremely long running computation when
 parsing the page tree.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_libpdfbox-java:
 upstream: https://svn.apache.org/r1842278
upstream_libpdfbox-java: released (1:1.8.16-1)
precise/esm_libpdfbox-java: DNE
trusty_libpdfbox-java: ignored (reached end-of-life)
trusty/esm_libpdfbox-java: DNE (trusty was needed)
xenial_libpdfbox-java: ignored (end of standard support, was needed)
bionic_libpdfbox-java: released (1:1.8.16-2~18.04)
cosmic_libpdfbox-java: released (1:1.8.16-2~18.04)
disco_libpdfbox-java: not-affected (1:1.8.16-2)
eoan_libpdfbox-java: not-affected (1:1.8.16-2)
focal_libpdfbox-java: not-affected (1:1.8.16-2)
groovy_libpdfbox-java: not-affected (1:1.8.16-2)
hirsute_libpdfbox-java: not-affected (1:1.8.16-2)
impish_libpdfbox-java: not-affected (1:1.8.16-2)
jammy_libpdfbox-java: not-affected (1:1.8.16-2)
devel_libpdfbox-java: not-affected (1:1.8.16-2)

Patches_libpdfbox2-java:
 upstream: https://svn.apache.org/r1842131
upstream_libpdfbox2-java: released (2.0.12-1)
precise/esm_libpdfbox2-java: DNE
trusty_libpdfbox2-java: DNE
trusty/esm_libpdfbox2-java: DNE
xenial_libpdfbox2-java: DNE
bionic_libpdfbox2-java: released (2.0.13-2~18.04)
cosmic_libpdfbox2-java: released (2.0.13-2~18.04)
disco_libpdfbox2-java: not-affected (2.0.13-2)
eoan_libpdfbox2-java: not-affected (2.0.13-2)
focal_libpdfbox2-java: not-affected (2.0.13-2)
groovy_libpdfbox2-java: not-affected (2.0.13-2)
hirsute_libpdfbox2-java: not-affected (2.0.13-2)
impish_libpdfbox2-java: not-affected (2.0.13-2)
jammy_libpdfbox2-java: not-affected (2.0.13-2)
devel_libpdfbox2-java: not-affected (2.0.13-2)