CVE-2018-8036

Published: 03/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Product

apache pdfbox

apache pdfbox 2.0.0

Vendor Advisories

Debian Bug report logs - #902776 libpdfbox-java: CVE-2018-8036. Package: libpdfbox-java; Maintainer for libpdfbox-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libpdfbox-java is src:libpdfbox-java. Reported by: Markus Koschany <apo@debian.org> Date: Sat ...
Vulnerabilities in Apache PDFBox affect Transformation Extender ...
IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception in AFMParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the applica ...
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser ...
Synopsis: Important: Fuse 7.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...

Mailing Lists

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache PDFBox 1.8.0 to 1.8.14, Apache PDFBox 2.0.0 to 2.0.10. Earlier, unsupported Apache PDFBox versions may be affected as well. Description: Mitigation: Upgrade to Apache PDFBox 1.8.15 respectively ...

Github Repositories

JQF + Zest: Semantic Fuzzing for Java. JQF is a feedback-directed fuzz testing platform for Java (think: AFL/LibFuzzer but for JVM bytecode). JQF uses the abstraction of property-based testing, which makes it nice to write fuzz drivers as parametric JUnit test methods. JQF is built on top of junit-quickcheck. JQF enables running junit-quickcheck style parameterized unit tests w

JQF + Zest: Coverage-guided semantic fuzzing for Java.

JQF + Zest: Semantic Fuzzing for Java. JQF is a feedback-directed fuzz testing platform for Java, which uses the abstraction of property-based testing. JQF is built on top of junit-quickcheck: a tool for generating random arguments for parametric JUnit test methods. JQF enables better input generation using coverage-guided fuzzing algorithms such as Zest. Zest is an algorithm th
