{"id":"CVE-2018-11797","details":"In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.","aliases":["GHSA-gx96-vgf7-hwfg"],"modified":"2026-05-28T04:03:55.350509151Z","published":"2018-10-05T20:29:00.250Z","related":["SUSE-SU-2018:3318-1","SUSE-SU-2018:3755-1","openSUSE-SU-2024:10622-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"apache:pdfbox","cpes":["cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:*","cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:*","cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"last_affected":"2.0-rc1"},{"last_affected":"2.0-rc2"},{"last_affected":"2.0-rc3"}]},{"vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"last_affected":"29"},{"last_affected":"30"}]},{"source":"CPE_STRING","cpes":["cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:retail_xstore_point_of_service","extracted_events":[{"last_affected":"17.0"}]}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/pdfbox","events":[{"introduced":"cc7eeb2147fa787468542bc8a577fe35c19c0473"},{"last_affected":"898aa0f4b8d5fe94dd84961dba59c5d08c2be600"},{"introduced":"bc2f3322eaf7ea462f8678939ee60e31c656161e"},{"last_affected":"10569b242fca628db93f5a7f5b2cfe7a046fc636"},{"introduced":"0"},{"last_affected":"9b2e8e73b853d38490de98041627a3f9b075eb96"}],"database_specific":{"cpe":["cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*","cpe:2.3:a:apache:pdfbox:2.0.0:-:*:*:*:*:*:*"],"source":["CPE_RANGE","CPE_STRING"],"extracted_events":[{"introduced":"1.8.0"},{"last_affected":"1.8.15"},{"introduced":"2.0.1"},{"last_affected":"2.0.11"},{"introduced":"0"},{"last_affected":"2.0.0-NA"}]}}],"versions":["2.0.0","2.0.11","1.8.15"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11797.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}