Lucene search
K

102 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-24196

iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

6.5CVSS6.4AI score0.01612EPSS
Exploits1References3
OSV
OSV
added 2022/12/30 12:30 p.m.11 views

GHSA-J69F-FGH5-F7MC iText RUPS XML External Entity vulnerability

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It...

9.8CVSS9.5AI score0.00752EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/12/30 12:30 p.m.34 views

iText RUPS XML External Entity vulnerability

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It...

9.8CVSS9.1AI score0.00752EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/12/30 12:15 p.m.13 views

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

9.8CVSS9.6AI score0.00752EPSS
Exploits0References3
NVD
NVD
added 2022/12/30 12:15 p.m.25 views

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

9.8CVSS0.00752EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/12/30 12:15 p.m.19 views

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

9.8CVSS5.7AI score0.00752EPSS
Exploits0References1
Prion
Prion
added 2022/12/30 12:15 p.m.20 views

Xxe

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

7.5CVSS9.5AI score0.00752EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/12/30 12:15 p.m.4 views

UBUNTU-CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

9.8CVSS5.4AI score0.00752EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/30 11:35 a.m.24 views

CVE-2017-20151 iText RUPS XfaFile.java xml external entity reference

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

5.5CVSS9.6AI score0.00752EPSS
Exploits0References3
CVE
CVE
added 2022/12/30 11:35 a.m.63 views

CVE-2017-20151

The CVE-2017-20151 issue affects iText RUPS, specifically code in XfaFile.java that can lead to an XML External Entity (XXE) reference. The public documentation consistently notes the vulnerability arises from manipulating XfaFile.java and identifies the patch as ac5590925874ef810018a6b60fec216ee...

9.8CVSS7.5AI score0.00752EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/30 12:0 a.m.4 views

PT-2022-8016 · Itext · Itext Rups

Name of the Vulnerable Software and Affected Versions: iText RUPS affected versions not specified Description: A vulnerability was found in iText RUPS, affecting unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference...

9.8CVSS5.8AI score0.00752EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/12/30 12:0 a.m.5 views

iText 代码问题漏洞

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. A code issue vulnerability exists in iText RUPS. An attacker exploits this vulnerability to cause xml external entity references...

9.8CVSS6.6AI score0.00752EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/13 1:14 a.m.4 views

africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1452 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)

com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...

8.8CVSS7.2AI score0.09946EPSS
Exploits1
OSV
OSV
added 2022/05/13 1:14 a.m.1 views

GHSA-86P9-X5PW-94QX Improper Restriction of XML External Entity Reference in iText

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS5.9AI score0.09946EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.39 views

Improper Restriction of XML External Entity Reference in iText

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS5.9AI score0.09946EPSS
Exploits1References6Affected Software2
Veracode
Veracode
added 2022/02/03 9:8 a.m.15 views

Denial Of Service (DoS)

iText is vulnerable to denial of service. The vulnerability exists due to an out-of-memory error via the component readStreamBytesRaw which allows an attacker to crash the system via a maliciously crafted PDF file...

6.5CVSS3.7AI score0.01612EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/02 12:1 a.m.12 views

GHSA-8C9H-4Q7G-FP7H Out-of-bounds Read in iText

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service DoS via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...

6.5CVSS6.2AI score0.00547EPSS
Exploits0References4
OSV
OSV
added 2022/02/02 12:1 a.m.47 views

GHSA-HHH6-CM2M-3FHC Allocation of Resources Without Limits or Throttling in iText

iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

6.5CVSS6.2AI score0.01612EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/02/02 12:1 a.m.36 views

Out-of-bounds Read in iText

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service DoS via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...

6.5CVSS5AI score0.00547EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/02 12:1 a.m.7 views

club.javafamily:javafamily-utils-all (>=2.3.2-beta.3 <=2.3.2-beta.4), club.javafamily:javafamily-utils-pdf-itext (>=2.3.2-beta.3 <=2.3.2-beta.4) +214 more potentially affected by CVE-2022-24196 via com.itextpdf:itext7-core (>=7.0.4 <=7.1.16)

com.itextpdf:itext7-core MAVEN version =7.0.4, =2.3.2-beta.3, =2.3.2-beta.3, =1.6.0, =0.0.30, =0.1, =1.0, =1.0, =1.0, =1.1 - com.houkunlin.easypoi:easypoi-base =5.0.2 - com.houkunlin.easypoi:easypoi-spring-boot-starter =5.0.2 - com.houkunlin.easypoi:easypoi-web =5.0.2 -...

6.5CVSS6.5AI score0.01612EPSS
Exploits1
Rows per page
Query Builder