{"id":"CVE-2018-8036","details":"In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.","aliases":["GHSA-j2xq-pfff-mvgg"],"modified":"2026-03-15T15:03:25.043834Z","published":"2018-07-03T20:29:00.247Z","related":["SUSE-SU-2018:2630-1","SUSE-SU-2018:3318-1","openSUSE-SU-2024:10622-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2669"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/pdfbox","events":[{"introduced":"0"},{"last_affected":"a48b3adb3386a3e9d9c93f7341aeed113cc95333"},{"introduced":"9b2e8e73b853d38490de98041627a3f9b075eb96"},{"last_affected":"a625e6e1aa6df28a1b345501eefcc5be62a463d2"},{"introduced":"0"},{"last_affected":"8890ccbf0b3a233578b952748ce090f54c53fea7"},{"introduced":"0"},{"last_affected":"ac9c5c440af820b372f56f53835316ec2b943963"},{"introduced":"0"},{"last_affected":"1400def5c88140cc9be1245b9b4774a9d558d73c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.14"},{"introduced":"2.0.0"},{"last_affected":"2.0.10"},{"introduced":"0"},{"last_affected":"2.0.0-rc1"},{"introduced":"0"},{"last_affected":"2.0.0-rc2"},{"introduced":"0"},{"last_affected":"2.0.0-rc3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8036.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}