
102 matches found

CNNVD
added 2022/02/01 12:0 a.m. · 5 views

iText buffer error vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText has a buffer error vulnerability: the readStreamBytesRaw component in iText v7.1.17 contains an out-of-memory error that can be exploite...

CVSS 6.5 · AI score 6.7 · EPSS 0.01502
Exploits 1 · References 3
CVE
added 2022/02/01 12:0 a.m. · 86 views

CVE-2022-24196

CVE-2022-24196 affects iText Java PDF library versions up to (but not including) 7.1.18 and 7.2.2, with the root cause in the readStreamBytesRaw component. This creates an out-of-memory condition that can be exploited by a crafted PDF to cause a Denial of Service. Public sources identify vulnerab...

CVSS 6.5 · AI score 6.2 · EPSS 0.01612
Exploits 1 · References 3 · Affected Software 1
CVE
added 2022/02/01 12:0 a.m. · 90 views

CVE-2022-24198

iText 7.1.17 contains an out-of-bounds condition in ARCFOUREncryption.encryptARCFOUR that can cause a Denial of Service when processing a crafted PDF. This aligns with CVE-2022-24198. Multiple connected sources corroborate the component and payload (ARCFOUREncryption.encryptARCFOUR; crafted PDF)....

CVSS 6.5 · AI score 6.3 · EPSS 0.00547
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/02/01 12:0 a.m. · 27 views

CVE-2022-24197

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...

AI score 6.7 · EPSS 0.01502
Exploits 1 · References 3
Cvelist
added 2022/02/01 12:0 a.m. · 31 views

CVE-2022-24198

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...

AI score 6.5 · EPSS 0.00547
Exploits 0 · References 2
CNVD
added 2021/12/19 12:0 a.m. · 24 views

iText command injection vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. Versions of iText before 7.1.17 contain a command injection vulnerability that stems from user input being used to construct the command that is executed...

CVSS 9.8 · AI score 4.4 · EPSS 0.05172
Exploits 1 · References 1
OSV
added 2021/12/16 12:2 a.m. · 3 views

GHSA-GV87-Q66H-4277 Command injection in itext7-core

iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 7.1 · EPSS 0.05172
Exploits 1 · References 7
CVE
added 2021/12/15 12:0 a.m. · 137 views

CVE-2021-43113

The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...

CVSS 9.8 · AI score 9.3 · EPSS 0.05172
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2021/12/15 12:0 a.m. · 4 views

PT-2021-23745 · Unknown +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17. Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...

CVSS 9.8 · AI score 8.8 · EPSS 0.05172
Exploits 1 · References 24
CNNVD
added 2021/12/15 12:0 a.m. · 4 views

iText command injection vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. Versions of iText before 7.1.17 contain a command injection vulnerability that stems from user input being used to construct the command that is executed...

CVSS 9.8 · AI score 6 · EPSS 0.05172
Exploits 1 · References 10
Tenable Nessus
added 2020/10/21 12:0 a.m. · 126 views

Oracle Primavera Unifier (Oct 2020 CPU)

The 16.1-16.2, 17.7-17.12, 18.8, and 19.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platfor...

CVSS 9.1 · AI score 6.5 · EPSS 0.98567
Exploits 13 · References 8
Openbugbounty
added 2020/06/02 1:15 p.m. · 21 views

itext.2136553.n4.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1181572. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score 6.1
Exploits 0
vulnersOsv
added 2018/10/18 5:43 p.m. · 7 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

CVSS 7.4 · AI score 7.1 · EPSS 0.0219
Exploits 0
RedhatCVE
added 2017/11/14 8:49 a.m. · 61 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF...

CVSS 8.8 · AI score 6.1 · EPSS 0.09902
Exploits 1 · References 2
0day.today
added 2017/11/09 12:0 a.m. · 715 views

iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability

Exploit for java platform in category remote exploits. Product: iText PDF Library; Vendor: iText Group; CVE ID: CVE-2017-9096; Subject: XML External Entity Attack (XXE); Risk: Medium; Effect: Remotely exploitable; Author: Benjamin Bruppacher; Date: 2017-11-06. Introduction: iText is a software...

CVSS 6.8 · AI score 0.2 · EPSS 0.09902
Exploits 1
NVD
added 2017/11/08 4:29 p.m. · 26 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF...

CVSS 8.8 · AI score 8.5 · EPSS 0.09902
Exploits 1 · References 4
Prion
added 2017/11/08 4:29 p.m. · 22 views

Xxe

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF...

CVSS 6.8 · AI score 8.3 · EPSS 0.09902
Exploits 1 · References 4 · Affected Software 1
OSV
added 2017/11/08 4:29 p.m. · 24 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 4
EUVD
added 2017/11/08 4:0 p.m. · 9 views

EUVD-2022-3126

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF...

CVSS 8.8 · AI score 8.3 · EPSS 0.09902
Exploits 1 · References 5
CVE
added 2017/11/08 4:0 p.m. · 302 views

CVE-2017-9096

The CVE-2017-9096 issue concerns the iText PDF library where XML parsers do not disable external entities, enabling XXE via crafted PDFs. Public docs identify the root cause as improper XML External Entity handling in iText before 5.5.12 and before 7.0.3, with IBM Bulletins noting fixes in IBM Da...

CVSS 8.8 · AI score 8.3 · EPSS 0.09902
Exploits 1 · References 4 · Affected Software 1