{"id":"CVE-2018-11797","details":"In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.","aliases":["GHSA-gx96-vgf7-hwfg"],"modified":"2026-04-10T04:05:35.666587Z","published":"2018-10-05T20:29:00.250Z","related":["SUSE-SU-2018:3318-1","SUSE-SU-2018:3755-1","openSUSE-SU-2024:10622-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/pdfbox","events":[{"introduced":"cc7eeb2147fa787468542bc8a577fe35c19c0473"},{"last_affected":"898aa0f4b8d5fe94dd84961dba59c5d08c2be600"},{"introduced":"bc2f3322eaf7ea462f8678939ee60e31c656161e"},{"last_affected":"10569b242fca628db93f5a7f5b2cfe7a046fc636"},{"introduced":"0"},{"last_affected":"9b2e8e73b853d38490de98041627a3f9b075eb96"}],"database_specific":{"versions":[{"introduced":"1.8.0"},{"last_affected":"1.8.15"},{"introduced":"2.0.1"},{"last_affected":"2.0.11"},{"introduced":"0"},{"last_affected":"2.0.0-NA"}]}}],"versions":["1.8.15","2.0.0","2.0.11"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11797.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}