CVE-2018-11797

CVSS 5.5 - MEDIUM
  Attack vector: LOCAL
  Attack complexity: LOW
  Privileges required: NONE
  Confidentiality impact: NONE
  Integrity impact: NONE
  Availability impact: HIGH

Tags: local, low complexity, apache, fedoraproject, oracle, nessus

Summary

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-9E91AFA2BE.NASL
    description: Update to 2.0.16. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128625
    published: 2019-09-10
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128625
    title: Fedora 30 : pdfbox (2019-9e91afa2be)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1547.NASL
    description: It was discovered that there was a denial of service vulnerability in libpdfbox-java, a PDF library for Java. A malicious PDF file could have triggered an extremely long running computation when parsing the page tree. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118157
    published: 2018-10-17
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118157
    title: Debian DLA-1547-1 : libpdfbox-java security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1422.NASL
    description: This update for apache-pdfbox fixes the following security issue: - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-05
    modified: 2018-11-19
    plugin id: 119027
    published: 2018-11-19
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119027
    title: openSUSE Security Update : apache-pdfbox (openSUSE-2018-1422)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-6FA01D12B4.NASL
    description: Update to 2.0.16. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128624
    published: 2019-09-10
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128624
    title: Fedora 29 : pdfbox (2019-6fa01d12b4)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1245.NASL
    description: This update for apache-pdfbox fixes the following security issues: - CVE-2018-8036: A crafted file could have triggered an infinite loop which led to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen: 2020-06-05
    modified: 2018-10-25
    plugin id: 118381
    published: 2018-10-25
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118381
    title: openSUSE Security Update : apache-pdfbox (openSUSE-2018-1245)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-924.NASL
    description: This update for apache-pdfbox fixes the following security issue: - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123377
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123377
    title: openSUSE Security Update : apache-pdfbox (openSUSE-2019-924)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-88F53A7433.NASL
    description: Update to 2.0.16. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129630
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129630
    title: Fedora 31 : pdfbox (2019-88f53a7433)

References