Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Itextpdf Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43113 2 Debian, Itextpdf 2 Debian Linux, Itext 2023-02-24 7.5 HIGH 9.8 CRITICAL
iTextPDF in iText 7 and up to 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
CVE-2022-24198 1 Itextpdf 1 Itext 2023-02-09 4.3 MEDIUM 6.5 MEDIUM
** DISPUTED ** iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
CVE-2017-20151 1 Itextpdf 1 Rups 2023-01-09 N/A 9.8 CRITICAL
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.
CVE-2022-24196 1 Itextpdf 1 Itext 2022-06-16 4.3 MEDIUM 6.5 MEDIUM
iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24197 1 Itextpdf 1 Itext 2022-06-03 4.3 MEDIUM 6.5 MEDIUM
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2017-9096 1 Itextpdf 1 Itext 2020-10-20 6.8 MEDIUM 8.8 HIGH
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.