Lucene search
K

25 matches found

Debian CVE
Debian CVE
added 2021/12/15 12:0 a.m.40 views

CVE-2021-43113

iTextPDF in iText 7 and up to excluding 4.4.13.3 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

9.8CVSS8.8AI score0.05172EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2021/12/15 12:0 a.m.1 views

CVE-2021-43113

iTextPDF in iText 7 and up to excluding 4.4.13.3 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

5.4AI score0.05172EPSS
Exploits1References5
CVE
CVE
added 2021/12/15 12:0 a.m.138 views

CVE-2021-43113

The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...

9.8CVSS9.3AI score0.05172EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2021/12/15 12:0 a.m.32 views

CVE-2021-43113

iTextPDF in iText 7 and up to excluding 4.4.13.3 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

9.8AI score0.05172EPSS
Exploits1References5
Veracode
Veracode
added 2017/11/29 12:51 a.m.36 views

XML External Entity (XXE) Injection

itextpdf is vulnerable to XML external entity XXE injection attacks. These attacks are possible because the library does not disable external entities when parsing pdf files...

8.8CVSS9.1AI score0.09946EPSS
Exploits1References4Affected Software4
Rows per page
Query Builder