CVE-2018-8036 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-8036 PUBLISHED

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

EPSS 0.55% · 67.7th percentile

Risk Scores

EPSS Score

0.55%

67.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	libpdfbox-java	0, 1:1.8.13-1, 1:1.8.13-2
Ubuntu:16.04:LTS	libpdfbox-java	1:1.8.10-2, 1:1.8.11+dfsg-1, 0
Ubuntu:18.04:LTS	libpdfbox2-java	0, 2.0.7-1, 2.0.8-1

Timeline

Apr 30, 2017 PoC Published
Jul 3, 2018 CVE Published
Jul 4, 2018 PoC Published
Oct 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Jun 28, 2021 PoC Published
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 22, 2022 PoC Published

References

https://ubuntu.com/security/CVE-2018-8036 third-party-advisory
http://www.openwall.com/lists/oss-security/2018/06/29/2 third-party-advisory
https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-8036 third-party-advisory

Open in Interactive Console →