102 matches found
CVE-2022-24196
iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...
CVE-2022-24196
CVE-2022-24196 affects iText Java PDF library versions up to (but not including) 7.1.18 and 7.2.2, with the root cause in the readStreamBytesRaw component. This creates an out-of-memory condition that can be exploited by a crafted PDF to cause a Denial of Service. Public sources identify vulnerab...
CVE-2022-24197
CVE-2022-24197 affects iText 7.1.17, where a stack-based buffer overflow in ByteBuffer.append during PDF parsing can cause a Denial of Service. A fix is available in iText 7.1.18; organizations should upgrade to 7.1.18 to mitigate.
CVE-2022-24197
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...
CVE-2022-24196
iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...
iText command injection vulnerability
iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText in the version before 7.1.17 there is a command injection vulnerability, the vulnerability stems from the user input construct to execute the command...
GHSA-GV87-Q66H-4277 Command injection in itext7-core
iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...
PT-2021-23745 · Unknown +1 · Ghostscript +1
Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17 Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...
iText 命令注入漏洞
iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText in the version before 7.1.17 there is a command injection vulnerability, the vulnerability stems from the user input construct to execute the command...
CVE-2021-43113
The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...
Oracle Primavera Unifier (Oct 2020 CPU)
The 16.1-16.2, 17.7-17.12, 18.8, and 19.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platfor...
itext.2136553.n4.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1181572 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability
Exploit for java platform in category remote exploits Product: iText PDF Library Vendor: iText Group CVE ID: CVE-2017-9096 Subject: XML External Entity Attack XXE Risk: Medium Effect: Remotely exploitable Author: Benjamin Bruppacher Date: 2017-11-06 Introduction: ------------- iText is a software...
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
Xxe
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
CVE-2017-9096
The CVE-2017-9096 issue concerns the iText PDF library where XML parsers do not disable external entities, enabling XXE via crafted PDFs. Public docs identify the root cause as improper XML External Entity handling in iText before 5.5.12 and before 7.0.3, with IBM Bulletins noting fixes in IBM Da...