Lucene search
K

102 matches found

OSV
OSV
added 2022/02/01 12:0 a.m.16 views

CVE-2022-24196

iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

6.5CVSS6.3AI score0.01612EPSS
Exploits1References5
CVE
CVE
added 2022/02/01 12:0 a.m.87 views

CVE-2022-24196

CVE-2022-24196 affects iText Java PDF library versions up to (but not including) 7.1.18 and 7.2.2, with the root cause in the readStreamBytesRaw component. This creates an out-of-memory condition that can be exploited by a crafted PDF to cause a Denial of Service. Public sources identify vulnerab...

6.5CVSS6.2AI score0.01612EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/02/01 12:0 a.m.95 views

CVE-2022-24197

CVE-2022-24197 affects iText 7.1.17, where a stack-based buffer overflow in ByteBuffer.append during PDF parsing can cause a Denial of Service. A fix is available in iText 7.1.18; organizations should upgrade to 7.1.18 to mitigate.

6.5CVSS6.4AI score0.01502EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/01 12:0 a.m.16 views

CVE-2022-24197

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

6.5CVSS6.5AI score0.01502EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/01 12:0 a.m.29 views

CVE-2022-24196

iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

6.5AI score0.01612EPSS
Exploits1References3
CNVD
CNVD
added 2021/12/19 12:0 a.m.29 views

iText command injection vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText in the version before 7.1.17 there is a command injection vulnerability, the vulnerability stems from the user input construct to execute the command...

9.8CVSS4.4AI score0.05172EPSS
Exploits1References1
OSV
OSV
added 2021/12/16 12:2 a.m.3 views

GHSA-GV87-Q66H-4277 Command injection in itext7-core

iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

9.8CVSS7.1AI score0.05172EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2021/12/15 12:0 a.m.4 views

PT-2021-23745 · Unknown +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17 Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...

9.8CVSS8.8AI score0.05172EPSS
Exploits1References24
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.4 views

iText 命令注入漏洞

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText in the version before 7.1.17 there is a command injection vulnerability, the vulnerability stems from the user input construct to execute the command...

9.8CVSS6AI score0.05172EPSS
Exploits1References10
CVE
CVE
added 2021/12/15 12:0 a.m.138 views

CVE-2021-43113

The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...

9.8CVSS9.3AI score0.05172EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.128 views

Oracle Primavera Unifier (Oct 2020 CPU)

The 16.1-16.2, 17.7-17.12, 18.8, and 19.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platfor...

9.1CVSS6.5AI score0.98567EPSS
Exploits13References8
Openbugbounty
Openbugbounty
added 2020/06/02 1:15 p.m.22 views

itext.2136553.n4.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1181572 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 5:43 p.m.7 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

7.4CVSS7.1AI score0.02208EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/11/14 8:49 a.m.62 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS6.1AI score0.09946EPSS
Exploits1References2
0day.today
0day.today
added 2017/11/09 12:0 a.m.715 views

iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability

Exploit for java platform in category remote exploits Product: iText PDF Library Vendor: iText Group CVE ID: CVE-2017-9096 Subject: XML External Entity Attack XXE Risk: Medium Effect: Remotely exploitable Author: Benjamin Bruppacher Date: 2017-11-06 Introduction: ------------- iText is a software...

6.8CVSS0.2AI score0.09946EPSS
Exploits1
NVD
NVD
added 2017/11/08 4:29 p.m.28 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS8.5AI score0.09946EPSS
Exploits1References4
Prion
Prion
added 2017/11/08 4:29 p.m.23 views

Xxe

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

6.8CVSS8.3AI score0.09946EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2017/11/08 4:29 p.m.26 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS6.7AI score
Exploits0References4
Cvelist
Cvelist
added 2017/11/08 4:0 p.m.44 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.4AI score0.09946EPSS
Exploits1References4
CVE
CVE
added 2017/11/08 4:0 p.m.317 views

CVE-2017-9096

The CVE-2017-9096 issue concerns the iText PDF library where XML parsers do not disable external entities, enabling XXE via crafted PDFs. Public docs identify the root cause as improper XML External Entity handling in iText before 5.5.12 and before 7.0.3, with IBM Bulletins noting fixes in IBM Da...

8.8CVSS8.3AI score0.09946EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder