osv | Google | OSV:GHSA-GV87-Q66H-4277
Dec 16, 2021 - 12:02 a.m.

Command injection in itext7-core

2021-12-16 00:02:15
Google
osv.dev
85
itextpdf
command injection
comparetool
ghostscript

EPSS: 0.003

Percentile: 71.9%

iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.