Security update for apache-pdfbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3384-1 Final 1 1 2018-10-24T08:57:17Z current 2018-10-24T08:57:17Z 2018-10-24T08:57:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for apache-pdfbox This update for apache-pdfbox fixes the following security issue: - CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009): This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00061.html E-Mail link for openSUSE-SU-2018:3384-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 apache-pdfbox-1.8.12-4.3.1 apache-pdfbox-javadoc-1.8.12-4.3.1 apache-pdfbox-1.8.12-4.3.1 as a component of openSUSE Leap 42.3 apache-pdfbox-javadoc-1.8.12-4.3.1 as a component of openSUSE Leap 42.3 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. CVE-2018-11797 openSUSE Leap 42.3:apache-pdfbox-1.8.12-4.3.1 openSUSE Leap 42.3:apache-pdfbox-javadoc-1.8.12-4.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00061.html https://www.suse.com/security/cve/CVE-2018-11797.html CVE-2018-11797 https://bugzilla.suse.com/1111009 SUSE Bug 1111009 In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. CVE-2018-8036 openSUSE Leap 42.3:apache-pdfbox-1.8.12-4.3.1 openSUSE Leap 42.3:apache-pdfbox-javadoc-1.8.12-4.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00061.html https://www.suse.com/security/cve/CVE-2018-8036.html CVE-2018-8036 https://bugzilla.suse.com/1099721 SUSE Bug 1099721