A carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well
Gentoo Security Scout
Fixed in version 1.8.15,
@maintainer(s): anyone considering bulk stabilization for dev-java/* to handle the mounting security bugs? Just asking... as several are still unconfirmed, yet fixes are available for later versions.
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <firstname.lastname@example.org>
AuthorDate: 2018-09-11 12:17:28 +0000
Commit: Thomas Deutschmann <email@example.com>
CommitDate: 2018-09-11 12:17:28 +0000
dev-java/pdfbox: bump to v1.8.15
Package-Manager: Portage-2.3.49, Repoman-2.3.10
dev-java/pdfbox/Manifest | 1 +
dev-java/pdfbox/pdfbox-1.8.15.ebuild | 78 ++++++++++++++++++++++++++++++++++++
2 files changed, 79 insertions(+)
@arches, please stabilize.
Looking good on ppc64.
# cat pdfbox-659648.report
USE tests started on Fr 7. Dez 23:42:39 CET 2018
FEATURES=' test' USE='' succeeded for =dev-java/pdfbox-1.8.15
USE='-doc -source' succeeded for =dev-java/pdfbox-1.8.15
USE='doc -source' succeeded for =dev-java/pdfbox-1.8.15
USE='-doc source' succeeded for =dev-java/pdfbox-1.8.15
USE='doc source' succeeded for =dev-java/pdfbox-1.8.15
revdep tests started on Sa 8. Dez 00:03:04 CET 2018
FEATURES=' test' USE='' succeeded for dev-tex/pdfannotextractor
@maintainer, please clean.
tree is clean