CVE-2018-8036 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
apache	pdfbox	1.8.0 < 𝑥 ≤ 1.8.14
apache	pdfbox	2.0.0 ≤ 𝑥 ≤ 2.0.10
apache	pdfbox	2.0.0:rc1
apache	pdfbox	2.0.0:rc2
apache	pdfbox	2.0.0:rc3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpdfbox-java

bookworm	1:1.8.16-2 fixed
bullseye	1:1.8.16-2 fixed
stretch	no-dsa
jessie	no-dsa
sid	1:1.8.16-5 fixed
trixie	1:1.8.16-5 fixed

libpdfbox2-java

bullseye	2.0.23-1 fixed
stretch	no-dsa
jessie	no-dsa
bookworm	2.0.27-2 fixed
sid	2.0.29-1 fixed
trixie	2.0.29-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpdfbox-java

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	Fixed 1:1.8.16-2~18.04 released
artful	ignored
xenial	needed
trusty	dne

libpdfbox2-java

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	Fixed 2.0.13-2~18.04 released
artful	ignored
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://access.redhat.com/errata/RHSA-2018:2669

https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://access.redhat.com/errata/RHSA-2018:2669

https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/

https://www.oracle.com/security-alerts/cpuapr2020.html