First published: Fri Oct 05 2018
A parsing vulnerability was found in Apache PDFBox. A carefully crafted PDF file can trigger an extremely long-running computation when parsing the page tree.
External References: https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache PDFBox | >=1.8.0, <=1.8.15 | |
Apache PDFBox | >=2.0.1, <=2.0.11 | |
Apache PDFBox | =2.0-rc1 | |
Apache PDFBox | =2.0-rc2 | |
Apache PDFBox | =2.0-rc3 | |
Apache PDFBox | =2.0.0 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Oracle Retail Xstore Point of Service | =17.0 | |
CVE-2018-11797 is a vulnerability in Apache PDFBox that allows a remote attacker to cause a denial of service by exploiting a flaw when parsing the page tree in a specially-crafted PDF file.
As a cybersecurity analyst, I cannot provide information on how to exploit vulnerabilities. It is important to focus on applying the necessary patches and security updates to protect against this vulnerability.
CVE-2018-11797 has a severity rating of 5.5, which is classified as medium severity.
To mitigate CVE-2018-11797, ensure that you have updated to Apache PDFBox version 1.8.16 or 2.0.12, depending on the affected version you are using.
You can find more information about CVE-2018-11797 on the Apache PDFBox mailing list and the bug report provided by Red Hat in the references section.
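An added example, not part of the original advisory or of Apache PDFBox: a Python inventory check that flags PDFBox jars whose version falls in the affected ranges listed in the table above and reports the fixed release named in the mitigation. It assumes jars follow the `pdfbox-<version>.jar` or `pdfbox-app-<version>.jar` naming and that a `2.0.0-RC1` spelling denotes the table's `2.0-rc1`; the sample paths are constructed.

```python
import re
from pathlib import Path

# Inclusive affected ranges and fixed releases, taken from this page.
AFFECTED = [((1, 8, 0), (1, 8, 15), "1.8.16"),
            ((2, 0, 0), (2, 0, 11), "2.0.12")]
AFFECTED_RCS = {1, 2, 3}  # 2.0-rc1 .. 2.0-rc3, as listed in the table

# Assumption: Maven-style jar names for the pdfbox and pdfbox-app artifacts.
JAR_RE = re.compile(r"^pdfbox(?:-app)?-(\d+(?:\.\d+){1,2}(?:-rc\d+)?)\.jar$", re.I)
VER_RE = re.compile(r"(\d+(?:\.\d+){1,2})(?:-rc(\d+))?", re.I)


def parse_version(text):
    """Return ((major, minor, patch), rc_number_or_None), or None if unparsable."""
    m = VER_RE.fullmatch(text.strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))          # "2.0" is treated as 2.0.0
    return nums, int(m.group(2)) if m.group(2) else None


def fixed_in(version):
    """Return the release to upgrade to, or None if the version is not listed as affected."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums, rc = parsed
    if rc is not None:                      # release candidates: only 2.0 rc1-rc3 are listed
        return "2.0.12" if nums == (2, 0, 0) and rc in AFFECTED_RCS else None
    for low, high, fix in AFFECTED:
        if low <= nums <= high:
            return fix
    return None


def scan(jar_paths):
    """Return (path, version, fixed_release) for every affected PDFBox jar."""
    findings = []
    for path in jar_paths:
        m = JAR_RE.match(Path(path).name)
        if m and (fix := fixed_in(m.group(1))):
            findings.append((path, m.group(1), fix))
    return findings


# Constructed sample inventory (e.g. the output of a file listing).
SAMPLE = ["lib/pdfbox-2.0.11.jar", "lib/pdfbox-2.0.12.jar", "WEB-INF/lib/pdfbox-1.8.15.jar",
          "lib/pdfbox-app-2.0.0-RC2.jar", "lib/fontbox-2.0.11.jar", "lib/pdfbox-1.7.1.jar"]

if __name__ == "__main__":
    for path, version, fix in scan(SAMPLE):
        print(f"{path}: PDFBox {version} is affected by CVE-2018-11797, upgrade to {fix}")
```

Jars that have been renamed or shaded into another archive will not match the filename pattern, so treat a clean result as a lower bound and confirm against the build's dependency list.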