Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43113 | 2 Debian, Itextpdf | 2 Debian Linux, Itext | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| iTextPDF in iText 7 and up to 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | |||||
| CVE-2022-24198 | 1 Itextpdf | 1 Itext | 2023-02-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable. | |||||
| CVE-2022-24196 | 1 Itextpdf | 1 Itext | 2022-06-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2022-24197 | 1 Itextpdf | 1 Itext | 2022-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2017-9096 | 1 Itextpdf | 1 Itext | 2020-10-20 | 6.8 MEDIUM | 8.8 HIGH |
| The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | |||||