Candidate: CVE-2018-8036
PublicDate: 2018-07-03 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8036
 http://www.openwall.com/lists/oss-security/2018/06/29/2
 https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E
Description:
 In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully
 crafted (or fuzzed) file can trigger an infinite loop which leads to an out
 of memory exception in Apache PDFBox's AFMParser.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902776
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libpdfbox-java:
upstream_libpdfbox-java: released (1:1.8.15-1)
precise/esm_libpdfbox-java: DNE
trusty_libpdfbox-java: ignored (reached end-of-life)
trusty/esm_libpdfbox-java: DNE (trusty was needs-triage)
xenial_libpdfbox-java: ignored (end of standard support, was needs-triage)
artful_libpdfbox-java: ignored (reached end-of-life)
bionic_libpdfbox-java: released (1:1.8.16-2~18.04)
cosmic_libpdfbox-java: not-affected (1:1.8.15-1)
disco_libpdfbox-java: not-affected (1:1.8.15-1)
eoan_libpdfbox-java: not-affected (1:1.8.15-1)
focal_libpdfbox-java: not-affected (1:1.8.15-1)
groovy_libpdfbox-java: not-affected (1:1.8.15-1)
hirsute_libpdfbox-java: not-affected (1:1.8.15-1)
impish_libpdfbox-java: not-affected (1:1.8.15-1)
jammy_libpdfbox-java: not-affected (1:1.8.15-1)
devel_libpdfbox-java: not-affected (1:1.8.15-1)

Patches_libpdfbox2-java:
upstream_libpdfbox2-java: released (2.0.11-1)
precise/esm_libpdfbox2-java: DNE
trusty_libpdfbox2-java: DNE
trusty/esm_libpdfbox2-java: DNE
xenial_libpdfbox2-java: DNE
artful_libpdfbox2-java: ignored (reached end-of-life)
bionic_libpdfbox2-java: released (2.0.13-2~18.04)
cosmic_libpdfbox2-java: not-affected (2.0.11-1)
disco_libpdfbox2-java: not-affected (2.0.11-1)
eoan_libpdfbox2-java: not-affected (2.0.11-1)
focal_libpdfbox2-java: not-affected (2.0.11-1)
groovy_libpdfbox2-java: not-affected (2.0.11-1)
hirsute_libpdfbox2-java: not-affected (2.0.11-1)
impish_libpdfbox2-java: not-affected (2.0.11-1)
jammy_libpdfbox2-java: not-affected (2.0.11-1)
devel_libpdfbox2-java: not-affected (2.0.11-1)