CVE-2018-8036 – pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF

https://notcve.org/view.php?id=CVE-2018-8036

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. En Apache PDFBox, desde la versión 1.8.0 hasta la 1.8.14 y desde la 2.0.0RC1 hasta la 2.0.10, un archivo especialmente manipulado (o no válido) que puede desencadenar un bucle infinito que conduce a una excepción de agotamiento de memoria en Apache PDFBox's AFMParser. • https://access.redhat.com/errata/RHSA-2018:2669 https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX https://www.orac • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •