CVE-2018-8036
- Source
- https://cve.org/CVERecord?id=CVE-2018-8036
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8036.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-8036
- Aliases
- Downstream
- Related
- Published
- 2018-07-03T20:29:00.247Z
- Modified
- 2026-04-02T01:25:12.951205Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E
- https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E
- https://access.redhat.com/errata/RHSA-2018:2669
Affected packages
Git / github.com/apache/pdfbox
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/pdfbox
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.8.14" }, { "introduced": "2.0.0" }, { "last_affected": "2.0.10" }, { "introduced": "0" }, { "last_affected": "2.0.0-rc1" }, { "introduced": "0" }, { "last_affected": "2.0.0-rc2" }, { "introduced": "0" }, { "last_affected": "2.0.0-rc3" } ] }
Affected versions
0.*
0.8.0-incubating
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.8.0
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
2.*
2.0.0
2.0.0-RC1
2.0.0-RC2
2.0.0-RC3
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
3.*
3.0.0
3.0.0-RC1
3.0.0-alpha2
3.0.0-alpha3
3.0.0-beta1
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7