漏洞信息详情
Apache PDFBox 输入验证错误漏洞
- CNNVD编号:CNNVD-201810-227
- 危害等级: 中危
- CVE编号: CVE-2018-11797
- 漏洞类型: 输入验证错误
- 发布时间: 2018-10-08
- 威胁类型: 本地
- 更新时间: 2021-05-19
- 厂 商: apache
- 漏洞来源: Red Hat
漏洞简介
Apache PDFBox是美国阿帕奇(Apache)软件基金会的一款基于Java语言的开源工具库。该产品提供PDF文档创建和编辑等功能。
Apache PDFBox 1.8.0版本至1.8.15版本和2.0.0RC1版本至2.0.11版本中存在输入验证错误漏洞。远程攻击者可借助特制的PDF文件利用该漏洞造成拒绝服务。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread.HTML/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E
参考网址
来源:MLIST
链接:https://lists.apache.org/thread.HTML/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb@%3Cannounce.apache.org%3E
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/
来源:N/A
链接:https://www.oracle.com/security-alerts/cpuapr2020.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8@%3Cdev.pdfbox.apache.org%3E
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2018/10/msg00008.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1087768
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4024/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2588/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-pdfbox-affect-apache-solr-shipped-ibm-operations-analytics-log-analysis-analysis-cve-2018-11797/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/75610
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10734711
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties-3/
受影响实体
- Apache Pdfbox:2.0.11
- Apache Pdfbox:2.0.10
- Apache Pdfbox:2.0.9
- Apache Pdfbox:2.0.8
- Apache Pdfbox:2.0.7
补丁
- Apache PDFBox 安全漏洞的修复措施
评论