3 matches found
club.javafamily:javafamily-utils-all (>=2.3.2-beta.3 <=2.3.2-beta.4), club.javafamily:javafamily-utils-pdf-itext (>=2.3.2-beta.3 <=2.3.2-beta.4) +249 more potentially affected by CVE-2022-24198 via com.itextpdf:itext7-core (>=7.0.4 <=7.1.9)
com.itextpdf:itext7-core MAVEN version =7.0.4, =2.3.2-beta.3, =2.3.2-beta.3, =1.6.0, =0.0.30, =0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0, =1.1.1 and more Source cves: CVE-2022-24198 Source advisory: OSV:GHSA-8C9H-4Q7G-FP7H...
CVE-2022-24198
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service DoS via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...
CVE-2022-24198
iText 7.1.17 contains an out-of-bounds condition in ARCFOUREncryption.encryptARCFOUR that can cause a Denial of Service when processing a crafted PDF. This aligns with CVE-2022-24198. Multiple connected sources corroborate the component and payload (ARCFOUREncryption.encryptARCFOUR; crafted PDF)....