CVE-2018-8002

Published: 09 March 2018

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
libpodofo Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 20.10 (Groovy Gorilla)	Needed
	Ubuntu 20.04 LTS (Focal Fossa)	Needed
	Ubuntu 18.04 LTS (Bionic Beaver)	Needed
	Ubuntu 16.04 LTS (Xenial Xerus)	Needed
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was needs-triage)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8002
https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM