apache-pdfbox-2.0.23-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10622-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apache-pdfbox-2.0.23-1.3 on GA media These are all security issues fixed in the apache-pdfbox-2.0.23-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10622 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-11797/ SUSE CVE CVE-2018-11797 page https://www.suse.com/security/cve/CVE-2018-8036/ SUSE CVE CVE-2018-8036 page https://www.suse.com/security/cve/CVE-2021-27807/ SUSE CVE CVE-2021-27807 page https://www.suse.com/security/cve/CVE-2021-27906/ SUSE CVE CVE-2021-27906 page openSUSE Tumbleweed apache-pdfbox-2.0.23-1.3 apache-pdfbox-javadoc-2.0.23-1.3 apache-pdfbox-2.0.23-1.3 as a component of openSUSE Tumbleweed apache-pdfbox-javadoc-2.0.23-1.3 as a component of openSUSE Tumbleweed In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. CVE-2018-11797 openSUSE Tumbleweed:apache-pdfbox-2.0.23-1.3 openSUSE Tumbleweed:apache-pdfbox-javadoc-2.0.23-1.3 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11797.html CVE-2018-11797 https://bugzilla.suse.com/1111009 SUSE Bug 1111009 In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. CVE-2018-8036 openSUSE Tumbleweed:apache-pdfbox-2.0.23-1.3 openSUSE Tumbleweed:apache-pdfbox-javadoc-2.0.23-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-8036.html CVE-2018-8036 https://bugzilla.suse.com/1099721 SUSE Bug 1099721 A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. CVE-2021-27807 openSUSE Tumbleweed:apache-pdfbox-2.0.23-1.3 openSUSE Tumbleweed:apache-pdfbox-javadoc-2.0.23-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27807.html CVE-2021-27807 https://bugzilla.suse.com/1184356 SUSE Bug 1184356 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. CVE-2021-27906 openSUSE Tumbleweed:apache-pdfbox-2.0.23-1.3 openSUSE Tumbleweed:apache-pdfbox-javadoc-2.0.23-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27906.html CVE-2021-27906 https://bugzilla.suse.com/1184356 SUSE Bug 1184356 https://bugzilla.suse.com/1184357 SUSE Bug 1184357